CVE-2002-0221
CVSS 5.0
Published: 2002-05-16 00:00:00
Revised: 2008-09-10 20:00:44

[Original] Etype Eserv 2.97 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of PASV commands that consume ports 1024 through 5000, which prevents the server from accepting valid PASV.


[CNNVD] Etype EServ passive mode denial-of-service vulnerability (CNNVD-200205-012)

        
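        EType EServ provides several network services, such as Mail, News, Web, FTP and Proxy Server, and runs on Microsoft Windows 9x/NT/2000 systems.
        The EServ FTP server has a denial-of-service vulnerability: if a large number of PASV commands are sent to it, the server eventually stops accepting PASV commands.
        After accepting a PASV command, the EServ FTP server allocates a port in the range [1024, 5000] and listens on it, but it never closes the sockets it creates. If an attacker submits enough PASV commands, all available ports are eventually exhausted and no new PASV command can be accepted. The service must be restarted to recover. Worse, the EServ FTP server is designed to accept PASV commands before USER/PASS authentication has completed.
        The EServ FTP server in fact has a second problem: it is vulnerable to FTP bounce attacks, because it places no restriction at all on the IP and PORT values that a PORT command can specify.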
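
The server-side handling that the description above calls for, as an added example (not EServ code and not taken from the advisory): a session keeps at most one passive listener, refuses PASV before login, and accepts PORT only for the client's own address on a non-privileged port. The class, its method names and the loopback bind address are assumptions made for the example.

```python
import socket

PASV_RANGE = range(1024, 5001)        # port range named in the advisory


class FtpSession:
    """Hypothetical per-connection state for an FTP control channel."""

    def __init__(self, peer_ip, bind_ip="127.0.0.1"):
        self.peer_ip = peer_ip        # address of the control connection
        self.bind_ip = bind_ip        # assumed loopback so the example runs
        self.authenticated = False
        self.listener = None          # at most one passive socket per session

    def close_listener(self):
        # Also called when the control connection ends.
        if self.listener is not None:
            self.listener.close()
            self.listener = None

    def handle_pasv(self):
        if not self.authenticated:
            return "530 Please login with USER and PASS."
        self.close_listener()         # the step the vulnerable server omitted
        for port in PASV_RANGE:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            try:
                s.bind((self.bind_ip, port))
            except OSError:           # port in use, try the next one
                s.close()
                continue
            s.listen(1)
            self.listener = s
            h = self.bind_ip.replace(".", ",")
            return f"227 Entering Passive Mode ({h},{port >> 8},{port & 255})."
        return "421 No passive ports available."

    def handle_port(self, arg):
        try:
            n = [int(x) for x in arg.split(",")]
        except ValueError:
            return "501 Syntax error in PORT argument."
        if len(n) != 6 or any(not 0 <= x <= 255 for x in n):
            return "501 Syntax error in PORT argument."
        ip, port = ".".join(map(str, n[:4])), n[4] * 256 + n[5]
        if ip != self.peer_ip or port < 1024:
            return "500 Illegal PORT command."   # refuses FTP bounce targets
        self.close_listener()
        return "200 PORT command successful."
```

Because every PASV replaces the session's previous listener, the number of ports held is bounded by the number of authenticated sessions rather than by the number of commands sent.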
        

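- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]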

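- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definition found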

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0221
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0221
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200205-012
(official data source) CNNVD

- Other links and resources

http://www.iss.net/security_center/static/8020.php
(VENDOR_ADVISORY)  XF  eserv-pasv-dos(8020)
http://online.securityfocus.com/archive/1/252944
(VENDOR_ADVISORY)  BUGTRAQ  20020129 Vulnerabilities in EServ 2.97
http://www.securityfocus.com/bid/3983
(UNKNOWN)  BID  3983

- Vulnerability information

Etype EServ passive mode denial-of-service vulnerability
Medium  Other
2002-05-16 00:00:00 2005-10-20 00:00:00
Remote
        
        

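- Advisories and patches

        Temporary workaround:
        If you cannot install the patch or upgrade immediately, CNNVD recommends the following measure to reduce the threat:
        * Temporarily stop using the EServ FTP server.
        Vendor patch:
        Etype
        -----
        The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:
        Etype fixed this issue in EServ FTP 2.98:
        Etype Upgrade Eserv3123
        ftp://ftp.eserv.ru/pub/beta/2.98/Eserv3123.zip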

- Vulnerability information

12081
Etype Eserv PASV Command Saturation DoS
Denial of Service
Loss of Availability

- Vulnerability description

Unknown or Incomplete

- Timeline

2002-01-29 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Etype EServ Passive Mode Denial of Service Vulnerability
Failure to Handle Exceptional Conditions 3983
Yes No
2002-01-29 12:00:00 2009-07-11 09:56:00
Discovered and posted to Bugtraq by Arne Vidstrom <arne.vidstrom@ntsecurity.nu>.

- Affected program versions

Etype Eserv 2.97
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Etype Eserv 2.98
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional

- Unaffected program versions

Etype Eserv 2.98
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional

- Vulnerability discussion

EType EServ is a combination Mail, News, Web, FTP and Proxy Server for Microsoft Windows 9x/NT/2000 systems.

There is an exploitable denial of service vulnerability in EServ FTP server. It is possible to cause the server to stop accepting passive mode commands. This is accomplished by sending a large number of 'PASV' requests.

In the event that the affected service crashes, it will have to be restarted in order to regain normal functionality.

This vulnerability does not require any user authentication to exploit.

- Exploit

No exploit code is required.

- Solution

Etype has addressed this issue in EServ FTP 2.98:


Etype Eserv 2.97

- Related references

 

 
