ProFTPD Over-Long Command Handling Cross-Site Request Forgery Vulnerability

Vulnerability ID: 1185157
Vulnerability type: Cross-site request forgery
Published: 2008-09-25
Updated: 2009-03-06
CVE: CVE-2008-4242
CNNVD ID: CNNVD-200809-356
Platform: N/A
CVSS score: 6.8
|Vulnerability source
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200809-356
|Vulnerability details
ProFTPD is an open-source FTP server. When ProFTPD processes an over-long FTP request, the while() loop around fgets() wrongly interprets the remaining part of the over-long line as a further FTP command. For example, the following command: "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
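An added illustration of the fgets() behaviour described above, written for this page and not taken from ProFTPD's source. It contrasts a naive while(fgets()) command reader with a hardened reader that recognises a truncated line and discards its remainder instead of treating the leftover bytes as a new command. The 16-byte buffer, the sample control stream, and the use of fmemopen() (POSIX) are assumptions of the demonstration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() */
#endif
#include <stdio.h>
#include <string.h>

/* Deliberately tiny command buffer so the effect shows with short input. */
#define CMD_BUF 16

/* Constructed control stream: a 34-byte line between two ordinary commands. */
static const char SAMPLE_INPUT[] =
    "USER alice\n"
    "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AAAA" "\n"
    "QUIT\n";

/* Naive reader: every chunk fgets() returns is treated as one command.
 * A line longer than CMD_BUF-1 bytes comes back in pieces, and each piece
 * after the first is parsed as though the client had sent a new command. */
static int count_naive_commands(const char *input)
{
    FILE *fp = fmemopen((void *)input, strlen(input), "r");
    char line[CMD_BUF];
    int commands = 0;
    if (fp == NULL) return -1;
    while (fgets(line, sizeof line, fp) != NULL)
        commands++;
    fclose(fp);
    return commands;
}

/* Hardened reader: a chunk with no trailing '\n' is a truncated line, so
 * drain the rest of that line and count it as rejected rather than feeding
 * the leftover bytes to the command parser (an unterminated final line at
 * EOF is likewise treated as incomplete, as FTP's CRLF framing implies). */
static int count_safe_commands(const char *input, int *rejected)
{
    FILE *fp = fmemopen((void *)input, strlen(input), "r");
    char line[CMD_BUF];
    int commands = 0, c;
    *rejected = 0;
    if (fp == NULL) return -1;
    while (fgets(line, sizeof line, fp) != NULL) {
        if (strchr(line, '\n') != NULL) { commands++; continue; }
        while ((c = fgetc(fp)) != EOF && c != '\n')
            ;                        /* discard the over-long remainder */
        (*rejected)++;
    }
    fclose(fp);
    return commands;
}
```

With the sample stream the naive reader reports five commands (the 34-byte line is split into three), while the hardened reader reports two commands and one rejected line.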
|References

FEDORA: FEDORA-2009-0195, https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00245.html
FEDORA: FEDORA-2009-0064, https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00078.html
XF: proftpd-url-csrf(45274), http://xforce.iss.net/xforce/xfdb/45274
SECTRACK: 1020945, http://www.securitytracker.com/id?1020945
BID: 31289, http://www.securityfocus.com/bid/31289
MANDRIVA: MDVSA-2009:061, http://www.mandriva.com/security/advisories?name=MDVSA-2009:061
DEBIAN: DSA-1689, http://www.debian.org/security/2008/dsa-1689
SREASON: 4313, http://securityreason.com/securityalert/4313
SREASONRES: 20080926multiplevendorftpd-Cross-siterequestforgery, http://securityreason.com/achievement_securityalert/56
SECUNIA: 33413, http://secunia.com/advisories/33413
SECUNIA: 33261, http://secunia.com/advisories/33261
SECUNIA: 31930, http://secunia.com/advisories/31930
bugs.proftpd.org: http