oftpd USER Denial-of-Service Vulnerability

Vulnerability ID: 1108918
Vulnerability type: Unknown
Published: 2005-07-06
Updated: 2005-07-12
CVE ID: CVE-2005-2239
CNNVD-ID: CNNVD-200507-142
Platform: Linux
CVSS score: 5.0
|Vulnerability sources
https://www.exploit-db.com/exploits/25943
https://www.securityfocus.com/bid/89737
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200507-142
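|Vulnerability details
oftpd is an FTP server. Version 0.3.7 of oftpd contains a denial-of-service vulnerability. A remote attacker can cause a denial of service with a USER command that contains a large number of null () characters.
|Exploit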
source: http://www.securityfocus.com/bid/14161/info

oftpd is prone to a remotely exploitable buffer overflow. This may be triggered by a client through an overly long argument for the USER command.

Successful exploitation may let a remote attacker execute arbitrary code in the context of the server process. 

530 Only anonymous FTP supported.
ftp: Login failed.
ftp> user
(username)
usage: user username [password [account]]
ftp> user  (much larger string)
500 Syntax error, command unrecognized.
Login failed.
ftp> user
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x30303054
0x969b56d8 in history ()
|Affected products
oftpd oftpd 0.3.7
|References

Source: SECTRACK
Name: 1014413
Link: http://securitytracker.com/id?1014413