Serv-U FTP服务 SITE PASS DoS 漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1105632 漏洞类型 缓冲区溢出
发布时间 1999-12-02 更新时间 2006-04-20
CVE编号 CVE-1999-0838 CNNVD-ID CNNVD-199912-007
漏洞平台 Windows CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/19664
https://www.securityfocus.com/bid/859
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199912-007
|漏洞详情
Serv-UFTP2.5存在缓冲区溢出漏洞。远程用户可以通过SITE指令引起服务拒绝。
|漏洞EXP
source: http://www.securityfocus.com/bid/859/info

If the Serv-U FTP server receives an overly long argument to the SITE PASS command, it will crash. To issue this command, an attacker must be already logged in as an authenticated user, including an 'anonymous' user.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/19664.zip
|受影响的产品
Cat Soft Serv-U 2.5 a - Microsoft Windows 3.1 - Microsoft Windows 95 - Microsoft Windows 98
|参考资料

来源:BID
名称:859
链接:http://www.securityfocus.com/bid/859