https://cxsecurity.com/issue/WLB-2007100110
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-155

Netbus1.5到1.7版本在同一时间允许多个客户端连接，但只有第一次连接提示认证。远程攻击者提升访问权限。

Netbus 1.x server is able to be connected to without a password. you will

need to open two clients that are compatable with the server being

connected to. With one client connect to the server and wait until the

password screen appears. once this happens connect to the same server with

the other client and it will not ask you for a password. this is done

because the server thinks you are already connected and notices the same

IP connected to the same server allowing you to connect.

[I do not know if this has been posted before due to the fact that netbus

is old. if it has I apologize.]

来源:XF
名称:netbus-password-authentication-bypass(11982)
链接:http://xforce.iss.net/xforce/xfdb/11982
来源:BID
名称:7538
链接:http://www.securityfocus.com/bid/7538
来源:BUGTRAQ
名称:20030509Netbus1.xexploit
链接:http://www.securityfocus.com/archive/1/320980
来源:SREASON
名称:3289
链接:http://securityreason.com/securityalert/3289