oftpd USER 拒绝服务漏洞

22次阅读
没有评论

oftpd USER 拒绝服务漏洞

漏洞ID 1108918 漏洞类型 未知
发布时间 2005-07-06 更新时间 2005-07-12
oftpd USER 拒绝服务漏洞CVE编号 CVE-2005-2239
oftpd USER 拒绝服务漏洞CNNVD-ID CNNVD-200507-142
漏洞平台 Linux CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/25943
https://www.securityfocus.com/bid/89737
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200507-142
|漏洞详情
oftpd是一款FTP服务端软件。oftpd0.3.7版本中存在拒绝服务漏洞。远程攻击者可通过带有大量空()字符的USER命令,使系统拒绝服务.
|漏洞EXP
source: http://www.securityfocus.com/bid/14161/info

oftpd is prone to a remotely exploitable buffer overflow. This may be triggered by a client through an overly long argument for the USER command.

Successful exploitation may let a remote attacker execute arbitrary code in the context of the server process. 

530 Only anonymous FTP supported.
ftp: Login failed.
ftp> user
(username)
usage: user username 

 此处含有隐藏内容,需要正确输入密码后可见!

] ftp> user (much larger string) 500 Syntax error, command unrecognized. Login failed. ftp> user Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0x30303054 0x969b56d8 in history ()
|受影响的产品
oftpd oftpd 0.3.7
|参考资料

来源:SECTRACK
名称:1014413
链接:http://securitytracker.com/id?1014413

相关推荐: POC32 Unauthorized Telnet Access Vulnerability

POC32 Unauthorized Telnet Access Vulnerability 漏洞ID 1104327 漏洞类型 Design Error 发布时间 2000-03-07 更新时间 2000-03-07 CVE编号 N/A CNNVD-ID N…

正文完
 0