Sami FTP Server Multiple Remote Denial-of-Service Vulnerabilities

Vulnerability ID: 1114573
Vulnerability type: Input validation
Published: 2008-02-15
Updated: 2009-01-29
CVE ID: CVE-2008-5105
CNNVD-ID: CNNVD-200811-256
Platform: Windows
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/31205
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200811-256
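|Vulnerability details
Sami is a small, easy-to-use FTP server program developed by KarjaSoft. Sami FTP Server allows remote attackers to cause a denial of service (daemon crash or hang) via certain (1) APPE, (2) CWD, (3) DELE, (4) MKD, (5) RMD, (6) RETR, (7) RNFR, (8) RNTO, (9) SIZE, and (10) STOR commands.
|Exploit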
source: http://www.securityfocus.com/bid/27817/info

Sami FTP Server is prone to multiple remote denial-of-service vulnerabilities because the application fails to handle exceptional conditions.

An attacker can exploit these issues to crash the affected application, denying service to legitimate users.

Versions in the Sami FTP Server 2.0 series are vulnerable; other versions may also be affected. 

An attacker can use standard FTP clients or network utilities to exploit these issues.

Issuing one of the affected commands followed by 'AA' will trigger a denial of service.
|References

Source: BID
Name: 27817
Link: http://www.securityfocus.com/bid/27817
Source: BUGTRAQ
Name: 20080215 Sami FTP Server 2.0.* Multiple Remote Vulnerabilities
Link: http://www.securityfocus.com/archive/1/archive/1/488198/100/200/threaded
Source: SREASON
Name: 4603
Link: http://securityreason.com/securityalert/4603