vuln.sg

vuln.sg Vulnerability Research Advisory

AceFTP FTP-Client Directory Traversal Vulnerability

by Tan Chew Keong
Release Date: 2008-06-27


Summary

A vulnerability has been found within the FTP client in AceFTP. When exploited, this vulnerability allows an anonymous attacker to write files to arbitrary locations on a Windows user's system.


Tested Versions

Details

This advisory discloses a vulnerability within the FTP client in AceFTP. When exploited, this vulnerability allows an anonymous attacker to write files to arbitrary locations on a Windows user's system.

The FTP client does not properly sanitise filenames containing directory traversal sequences (forward-slash) that are received from an FTP server in response to the LIST command.

An example of such a response from a malicious FTP server is shown below.


Response to LIST (forward-slash):

-rw-r--r--    1 ftp      ftp            20 Mar 01 05:37 /../../../../../../../../../testfile.txt\r\n
 

By tricking a user into downloading a directory from a malicious FTP server that contains files with forward-slash directory traversal sequences in their filenames, it is possible for the attacker to write files to arbitrary locations on a user's system with the privileges of that user. An attacker can potentially leverage this issue to write files into a user's Windows Startup folder and execute arbitrary code when the user logs on.
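A client-side check that rejects the listing entry shown above, given here as an added example (it is not AceFTP code and not part of the original advisory). It assumes Unix-style LIST output; `DOWNLOAD_DIR`, the function names and the naive join shown for contrast are constructed for illustration.

```python
import ntpath  # Windows path rules, importable on any OS
import re

# LIST response line quoted in the advisory (real CRLF in place of the printed \r\n).
SAMPLE_LIST_LINE = ("-rw-r--r--    1 ftp      ftp            20 Mar 01 05:37 "
                    "/../../../../../../../../../testfile.txt\r\n")
DOWNLOAD_DIR = r"C:\Users\alice\Downloads"  # constructed local target directory

# Unix-style listing: mode, links, owner, group, size, month, day, time or year, name.
LIST_RE = re.compile(
    r"^[-dlbcps][-rwxsStT]{9}\s+\d+\s+\S+\s+\S+\s+\d+\s+"
    r"[A-Za-z]{3}\s+\d{1,2}\s+(?:\d{4}|\d{1,2}:\d{2})\s(?P<name>.+)$")


class UnsafeListingName(ValueError):
    """A server-supplied name that must not be used to build a local path."""


def name_from_list_line(line):
    """Return the filename field of one Unix-style LIST response line."""
    match = LIST_RE.match(line.rstrip("\r\n"))
    if match is None:
        raise ValueError("unrecognised LIST line")
    return match.group("name")


def naive_local_path(download_dir, server_name):
    """Flawed pattern (assumed): trusts the server's name when joining paths."""
    return ntpath.normpath(ntpath.join(download_dir, server_name))


def safe_local_path(download_dir, server_name):
    """Return a path inside download_dir for server_name, or raise."""
    # A listing entry names one file in the listed directory, so it has to be
    # a single component: no separator of either kind, no drive/stream colon.
    if server_name in ("", ".", "..") or any(
            c in '/\\:' or ord(c) < 32 for c in server_name):
        raise UnsafeListingName(server_name)
    base = ntpath.normpath(download_dir)
    target = ntpath.normpath(ntpath.join(base, server_name))
    # Second check on the resolved result, in case the filter above is loosened.
    if ntpath.commonpath([base, target]) != base or target == base:
        raise UnsafeListingName(server_name)
    return target
```

With the advisory's sample line, the naive join resolves to the drive root, while `safe_local_path` raises before any local path is produced.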


POC / Test Code

Please download the POC here and follow the instructions below.


Patch / Workaround

Avoid downloading files/directories from untrusted FTP servers.


Disclosure Timeline

2008-06-15 - Vulnerability Discovered.
2008-06-16 - Vulnerability Details Sent to Vendor via online support form (no reply).
2008-06-18 - Vulnerability Details Sent to Vendor again via online support form (no reply).
2008-06-25 - Vulnerability Details Sent to Vendor again via online support form (no reply).
2008-06-27 - Public Release.


Contact
For further enquiries, comments, suggestions or bug reports, simply email them to