Sami FTP Server User Authentication Buffer Overflow Vulnerability

Vulnerability ID: 1195102    Vulnerability type: Buffer overflow
Published: 2006-05-05    Updated: 2006-10-05
CVE ID: CVE-2006-2212    CNNVD-ID: CNNVD-200605-112
Platform: N/A    CVSS score: 6.4
|Vulnerability source
https://cxsecurity.com/issue/WLB-2006050039
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200605-112
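|Vulnerability details
Sami FTP Server is a small, easy-to-use FTP server from the Swedish company KarjaSoft. Its features include a simple, easy-to-operate interface and support for virtual directories. Sami FTP Server has an overflow vulnerability in its handling of the username and password that a user supplies when connecting to the server: a user can pass an overlong argument with some commands into a buffer. An attacker who successfully exploits this vulnerability can execute arbitrary commands remotely.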
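The missing length check described above, shown here as the bounded handling a server needs for USER and PASS arguments. This is an added example, not Sami FTP Server's code or the advisory's; the buffer sizes, the struct and the function names are assumptions, and the non-zero return values are RFC 959 reply codes.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed limits for this sketch; the page gives no real buffer sizes. */
#define MAX_LINE 512  /* longest control-channel line accepted */
#define MAX_CRED 64   /* longest USER or PASS argument accepted */
struct ftp_login { char user[MAX_CRED + 1]; char pass[MAX_CRED + 1]; };

/* Case-insensitive match of a 4-letter FTP verb followed by a space. */
static int is_verb(const char *line, size_t len, const char *verb)
{
    if (len < 5 || line[4] != ' ') return 0;
    for (int i = 0; i < 4; i++)
        if (toupper((unsigned char)line[i]) != verb[i]) return 0;
    return 1;
}

/* Store a USER or PASS argument. Returns 0 when stored, otherwise the reply
 * code to send. The length is checked before any byte is copied. */
int handle_auth_line(const char *line, size_t len, struct ftp_login *st)
{
    char *dst;
    if (len > MAX_LINE || memchr(line, '\0', len) != NULL)
        return 500;                      /* line too long or embedded NUL */
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;                           /* strip the trailing CRLF */
    if (is_verb(line, len, "USER"))      dst = st->user;
    else if (is_verb(line, len, "PASS")) dst = st->pass;
    else return 530;                     /* only login commands before auth */
    size_t arglen = len - 5;             /* is_verb guarantees len >= 5 */
    if (arglen == 0 || arglen > MAX_CRED)
        return 501;                      /* reject; never truncate silently */
    memcpy(dst, line + 5, arglen);
    dst[arglen] = '\0';
    return 0;
}

int main(void)
{
    struct ftp_login st = {{0}, {0}};
    char big[305] = "PASS ";             /* constructed overlong PASS line */
    memset(big + 5, 'A', 300);
    printf("%d ", handle_auth_line("USER alice\r\n", 12, &st));
    printf("%d\n", handle_auth_line(big, sizeof big, &st));
    return 0;
}
```
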
|Exploit
REWTERZ-20060504 - Sami FTP Server Remote Buffer Overflow Vulnerability

Release Date:
May 4, 2006

Severity:
High (Remote Code Execution)

Vendor:
KarjaSoft

Software Affected:
Sami FTP Server v2.0.2 and before

Operating Systems Affected:
Windows NT 4.0
Windows 98 / ME
Windows 2000
Windows XP
Windows 2003

Overview:
rewterz has discovered a critical vulnerability in Sami FTP Server. This vulnerability may allow a remote attacker to overwrite memory with user controlled data and execute arbitrary code in the context of the user who executed the Sami FTP Server.

Technical Details:
This vulnerability exists in the handling of both username and password input provided by the user while making a connection to the FTP server. We chose not to provide detailed information about the location of the vulnerability and how to reproduce it because the author hasn't confirmed this vulnerability. We can pass a long argument with some commands into a buffer. There is no checking of the length of these inputs. Depending on the input, this will cause an exploitable condition.

We have confirmed the ability to execute our own code. This is a common buffer overflow vulnerability and can be exploited easily.

Credit:
Discovery: Muhammad Ahmed Siddiqui

Greetings:
c0ntex

Copyright (c) 2003-2006 rewterz
Permission is hereby granted for the redistribution of this alert electronically. It is not to be edited in any way without express consent of rewterz.

Disclaimer
The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are no warranties, implied or express, with regard to this information. In no event shall the author be liable for any direct or indirect damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.
|References

Source: XF
Name: sami-ftp-auth-bo (26254)
Link: http://xforce.iss.net/xforce/xfdb/26254
Source: BID
Name: 17835
Link: http://www.securityfocus.com/bid/17835
Source: BUGTRAQ
Name: 20060504 [REWTERZ-20060504] - Sami FTP Server Remote Buffer Overflow Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/432944/100/0/threaded
Source: OSVDB
Name: 25670
Link: http://www.osvdb.org/25670
Source: SECTRACK
Name: 1016031
Link: http://securitytracker.com/id?1016031
Source: SREASON
Name: 842
Link: http://securityreason.com/securityalert/842