
SpoonFTP Is Vulnerable to a Bounce-Type Attack


Published: 2002-01-24
Updated: 2002-01-24
Severity:
Threat level: Other
Error type: Design error
Exploitation method: Server mode

BUGTRAQ ID:3910

Affected systems
Pi-Soft SpoonFTP 1.1.0.1
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 2000 Workstation SP1
   - Microsoft Windows 2000 Workstation SP2
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6
   - Microsoft Windows NT 4.0SP6a
Pi-Soft SpoonFTP 1.00.13
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 2000 Workstation SP1
   - Microsoft Windows 2000 Workstation SP2
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6
   - Microsoft Windows NT 4.0SP6a
Pi-Soft SpoonFTP 1.00.12
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 2000 Workstation SP1
   - Microsoft Windows 2000 Workstation SP2
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6
   - Microsoft Windows NT 4.0SP6a
Pi-Soft SpoonFTP 1.0
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 2000 Workstation SP1
   - Microsoft Windows 2000 Workstation SP2
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6
   - Microsoft Windows NT 4.0SP6a
Pi-Soft SpoonFTP 1.1
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 2000 Workstation SP1
   - Microsoft Windows 2000 Workstation SP2
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6
   - Microsoft Windows NT 4.0SP6a

Not vulnerable: Pi-Soft SpoonFTP 1.2
   - Microsoft Windows 2000 Workstation SP1
   - Microsoft Windows 2000 Workstation SP2
   - Microsoft Windows 2000 Workstation SP3
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows ME
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6a
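Detailed description
SpoonFTP is an FTP server program for Windows.

SpoonFTP is vulnerable to an FTP bounce-type attack: after logging in to the FTP server, an attacker can use the PORT command
to connect to an arbitrary port on a remote host. This allows the attacker to use the FTP server as a proxy server.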
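
The check whose absence makes a bounce possible can be shown as a small validator for PORT arguments. This is an added example, not SpoonFTP code or the vendor's fix. The function names, the reply text and the policy (data address must equal the control-connection peer, no ports below 1024) are assumptions that follow common FTP server hardening practice, and the sample addresses are constructed.

```python
import ipaddress

MIN_DATA_PORT = 1024  # assumed policy: never connect out to privileged ports


class PortRejected(ValueError):
    """The PORT argument must not be honoured."""


def parse_port_argument(arg):
    """Parse RFC 959 'h1,h2,h3,h4,p1,p2' into (IPv4Address, port)."""
    fields = arg.strip().split(",")
    if len(fields) != 6 or not all(
            f.isascii() and f.isdigit() and len(f) <= 3 for f in fields):
        raise PortRejected("malformed PORT argument")
    numbers = [int(f) for f in fields]
    if any(n > 255 for n in numbers):
        raise PortRejected("PORT field out of range")
    return ipaddress.IPv4Address(bytes(numbers[:4])), numbers[4] * 256 + numbers[5]


def check_port_command(arg, control_peer_ip):
    """Accept a data-connection target only if it is the logged-in client itself."""
    host, port = parse_port_argument(arg)
    if host != ipaddress.IPv4Address(control_peer_ip):
        raise PortRejected("PORT address differs from control connection peer")
    if port < MIN_DATA_PORT:
        raise PortRejected("PORT targets a privileged port")
    return host, port


def ftp_reply(arg, control_peer_ip):
    """Reply line a server would send for 'PORT <arg>' from control_peer_ip."""
    try:
        check_port_command(arg, control_peer_ip)
    except PortRejected as exc:
        return "500 Illegal PORT command: %s" % exc
    return "200 PORT command successful"


if __name__ == "__main__":
    client = "192.0.2.10"  # constructed sample: peer address of the control connection
    for arg in ("192,0,2,10,4,1", "198,51,100,7,0,25", "192,0,2,10,0,25", "1,2,3"):
        print("PORT", arg, "->", ftp_reply(arg, client))
```

A server that skips the address comparison in `check_port_command` will open its data connection to whatever host and port the client names, which is the proxy behaviour described above.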

Test code
See description

Solution
The upgrades are as follows:

Pi-Soft SpoonFTP 1.1.0.1:

Pi-Soft Upgrade sftp.exe
http://www.pi-soft.com/spoonftp/sftp.exe

Pi-Soft SpoonFTP 1.00.13:

Pi-Soft Upgrade sftp.exe
http://www.pi-soft.com/spoonftp/sftp.exe

Pi-Soft SpoonFTP 1.00.12:

Pi-Soft Upgrade sftp.exe
http://www.pi-soft.com/spoonftp/sftp.exe

Pi-Soft SpoonFTP 1.0:

Pi-Soft Upgrade sftp.exe
http://www.pi-soft.com/spoonftp/sftp.exe

Pi-Soft SpoonFTP 1.1:

Pi-Soft Upgrade sftp.exe
http://www.pi-soft.com/spoonftp/sftp.exe

Related information
"Arne Vidstrom" <arne.vidstrom@ntsecurity.nu>.
Reference: http://www.securityfocus.com/archive/1/251422
Related homepage: http://www.pi-soft.com/index.shtml