lftp Try_Netscape_Proxy远程缓冲区溢出漏洞
受影响系统:
Alexander V. Lukyanov lftp 2.6.9
Alexander V. Lukyanov lftp 2.6.8
Alexander V. Lukyanov lftp 2.6.7
Alexander V. Lukyanov lftp 2.6.6
Alexander V. Lukyanov lftp 2.6.5
Alexander V. Lukyanov lftp 2.6.4
Alexander V. Lukyanov lftp 2.6.3
Alexander V. Lukyanov lftp 2.6.0
Alexander V. Lukyanov lftp 2.5.2
Alexander V. Lukyanov lftp 2.3
Alexander V. Lukyanov lftp 2.4.9
- Mandrake Linux 8.2
- RedHat Linux 7.3
- RedHat Linux 7.2
不受影响系统:
Alexander V. Lukyanov lftp 2.6.10
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 9210
CVE(CAN) ID: CAN-2003-0963
[metaurhostname src]$ ./lftp -v
Lftp | Version 2.6.9 | Copyright (c) 1996-2002 Alexander V. Lukyanov
This is free software with ABSOLUTELY NO WARRANTY. See COPYING for details.
Send bug reports and questions to <lftpuniyar.ac.ru>.
[metaurhostname src]$ ./lftp
lftp :~> open http://localhost/buffy/
lftp localhost:/buffy> ls
Segmentation fault
[metaurhostname src]$ gdb lftp
GNU gdb Red Hat Linux (5.3post-0.20021129.18rh)
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...
(gdb) r
Starting program: /none/of/your/business/lftp-2.6.9/src/lftp
lftp :~> open http://localhost/buffy/
lftp localhost:/buffy> ls
Program received signal SIGSEGV, Segmentation fault.
0x0808e22c in FileSet::FindGEIndByName(char const*) const ()
(gdb) bt
#0 0x0808e22c in FileSet::FindGEIndByName(char const*) const ()
#1 0x0808e2b1 in FileSet::FindByName(char const*) const ()
#2 0x080af550 in file_info::validate() ()
(gdb) i r
eax 0x55555555 1431655765
ecx 0x80e3af8 135150328
edx 0xb7f1b422 -1208896478
ebx 0x55555555 1431655765
esp 0xbfffeaa0 0xbfffeaa0
ebp 0xbfffeab8 0xbfffeab8
esi 0xbffff5c0 -1073744448
edi 0x55555555 1431655765
eip 0x808e22c 0x808e22c
eflags 0x210286 2163334
cs 0x23 35
ss 0x2b 43
ds 0x2b 43
es 0x2b 43
fs 0x0 0
gs 0x33 51
(gdb) quit
The program is running. Exit anyway? (y or n) y
[metaurhostname src]$