IglooFTP PRO缓冲区溢出漏洞

IglooFTP PRO缓冲区溢出漏洞

漏洞ID 1107407 漏洞类型 缓冲区溢出
发布时间 2003-07-07 更新时间 2003-08-18
图片[1]-IglooFTP PRO缓冲区溢出漏洞-安全小百科CVE编号 CVE-2003-0561
图片[2]-IglooFTP PRO缓冲区溢出漏洞-安全小百科CNNVD-ID CNNVD-200308-081
漏洞平台 Windows CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/22872
https://www.securityfocus.com/bid/82771
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200308-081
|漏洞详情
IglooFTPPRO3.8版本存在多个缓冲区溢出漏洞。远程FTP服务器可以借助(1)超长FTP标语,或到客户端命令(2)USER、(3)PASS、(4)ACCT和可能其他命令的超长响应来执行任意代码。
|漏洞EXP
source: http://www.securityfocus.com/bid/8117/info
 
IglooFTP PRO for Windows platforms has been reported prone to multiple buffer overrun vulnerabilities.
 
The issue likely presents itself due do a lack of sufficient bounds checking performed on data that is copied into a reserved internal memory buffer. Remote arbitrary code execution has been confirmed.
 
It should be noted that although this vulnerability has been reported to affect IglooFTP PRO version 3.8, other versions might also be affected.


https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/22872.zip
|受影响的产品
IglooFTP IglooFTP PRO 3.8
|参考资料

来源:BUGTRAQ
名称:20030707MultipleBufferOverflowsinIglooFTPPRO
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=105769805311484&w;=2
来源:VULNWATCH
名称:20030707MultipleBufferOverflowsinIglooFTPPRO
链接:http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0010.html

相关推荐: ezbounce Format String Vulnerability

ezbounce Format String Vulnerability 漏洞ID 1099904 漏洞类型 Input Validation Error 发布时间 2003-07-01 更新时间 2003-07-01 CVE编号 N/A CNNVD-ID N…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享