Mozilla Firefox FTP PASV Command Port Scanning Vulnerability

Vulnerability ID 1112508 Vulnerability Type Information Disclosure
Published 2007-03-21 Updated 2007-07-26
CVE ID CVE-2007-1562 CNNVD-ID CNNVD-200703-515
Platform Linux CVSS Score 6.8
|Vulnerability Source
https://www.exploit-db.com/exploits/29768
https://www.securityfocus.com/bid/23082
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200703-515
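|Vulnerability Details
Mozilla Firefox is an open-source web browser from the US-based Mozilla Foundation. An information disclosure vulnerability exists in Mozilla Firefox versions before 1.5.0.11 and 2.x versions before 2.0.0.3. Attackers can exploit this vulnerability to scan for and retrieve sensitive information.
|Exploit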
source: http://www.securityfocus.com/bid/23082/info

Mozilla Firefox is prone to a vulnerability that may allow attackers to obtain potentially sensitive information.

A successful exploit of this issue would cause the affected application to connect to arbitrary TCP ports and potentially reveal sensitive information about services that are running on the affected computer. Information obtained may aid attackers in further attacks. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/29768.zip
|Affected Products
Ubuntu Ubuntu Linux 5.10 sparc Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu L
|References

Source: VUPEN
Name: ADV-2007-1034
Link: http://www.frsirt.com/english/advisories/2007/1034
Source: MISC
Link: https://bugzilla.mozilla.org/show_bug.cgi?id=370559
Source: XF
Name: firefox-nsftpstate-information-disclosure(33119)
Link: http://xforce.iss.net/xforce/xfdb/33119
Source: UBUNTU
Name: USN-443-1
Link: http://www.ubuntu.com/usn/usn-443-1
Source: BUGTRAQ
Name: 20070322FLEA-2007-0001-1:firefox
Link: http://www.securityfocus.com/archive/1/archive/1/463501/100/0/threaded
Source: www.mozilla.org
Link: http://www.mozilla.org/security/announce/2007/mfsa2007-11.html
Source: MISC
Link: http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf
Source: issues.rpath.com
Link: https://issues.rpath.com/browse/RPL-1424
Source: issues.rpath.com
Link: https://issues.rpath.com/browse/RPL-1157
Source: SECTRACK
Name: 1017800
Link: http://www.securitytracker.com/id?1017800
Source: BID
Name: 23082
Link: http://www.securityfocus.com/bid/23082
Source: BUGTRAQ
Name: 20070531FLEA-2007-0023-1:firefox
Link: http://www.securityfocus.com/archive/1/archive/1/470172/100/200/threaded
Source: REDHAT
Name: RHSA-2007:0402
Link: