Netbus认证绕过漏洞

Netbus认证绕过漏洞

漏洞ID 1202214 漏洞类型 授权问题
发布时间 2003-12-31 更新时间 2003-12-31
图片[1]-Netbus认证绕过漏洞-安全小百科CVE编号 CVE-2003-1475
图片[2]-Netbus认证绕过漏洞-安全小百科CNNVD-ID CNNVD-200312-155
漏洞平台 N/A CVSS评分 6.8
|漏洞来源
https://cxsecurity.com/issue/WLB-2007100110
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-155
|漏洞详情
Netbus1.5到1.7版本在同一时间允许多个客户端连接,但只有第一次连接提示认证。远程攻击者提升访问权限。
|漏洞EXP


Netbus 1.x server is able to be connected to without a password. you will

need to open two clients that are compatable with the server being

connected to. With one client connect to the server and wait until the

password screen appears. once this happens connect to the same server with

the other client and it will not ask you for a password. this is done

because the server thinks you are already connected and notices the same

IP connected to the same server allowing you to connect.

[I do not know if this has been posted before due to the fact that netbus

is old. if it has I apologize.]
|参考资料

来源:XF
名称:netbus-password-authentication-bypass(11982)
链接:http://xforce.iss.net/xforce/xfdb/11982
来源:BID
名称:7538
链接:http://www.securityfocus.com/bid/7538
来源:BUGTRAQ
名称:20030509Netbus1.xexploit
链接:http://www.securityfocus.com/archive/1/320980
来源:SREASON
名称:3289
链接:http://securityreason.com/securityalert/3289

相关推荐: NCSA HTTPd Buffer Overflow Vulnerability

NCSA HTTPd Buffer Overflow Vulnerability 漏洞ID 1105135 漏洞类型 Boundary Condition Error 发布时间 1995-02-17 更新时间 1995-02-17 CVE编号 N/A CNNV…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享