Sami FTP Server Multiple Denial of Service Vulnerabilities

Vulnerability ID: 1107715 Vulnerability type: Other
Published: 2004-02-13 Updated: 2006-09-20
CVE ID: CVE-2004-2081 CNNVD-ID: CNNVD-200412-589
Affected platform: Windows CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/23692
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-589
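|Vulnerability details
The samiftp.dll library in Sami FTP Server 1.1.3 contains a vulnerability. A local user can cause a denial of service (pmsystem.exe crash) by issuing (1) a CD command containing a tilde (~) or dot dot (/../), or (2) a GET command for a file that is not available.
|Exploit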
source: http://www.securityfocus.com/bid/9657/info

Sami FTP Server has been reported prone to multiple remote denial of service vulnerabilities. It has been reported that an attacker who has sufficient credentials to access a vulnerable server may cause the pmsystem.exe executable to raise a fatal exception by making unexpected FTP requests.

cd ~
cd /../
|References

Source: www.karja.com
Link: http://www.karja.com/samiftp/news.html
Source: XF
Name: sami-cd-get-dos(15204)
Link: http://xforce.iss.net/xforce/xfdb/15204
Source: BID
Name: 9657
Link: http://www.securityfocus.com/bid/9657
Source: BUGTRAQ
Name: 20040213 Sami FTP Server 1.1.3 multiple vulnerabilities
Link: http://www.securityfocus.com/archive/1/353753