|
|
ru.nethack- RU.NETHACK ------------------------------------------------------------------- From : Maksim Miheev 2:5029/28.4 17 Jul 2004 01:47:50 To : All Subject : что тут можно ... --------------------------------------------------------------------------------
Port 21
Description A remotely exploitable buffer overrun vulnerability has been
reported in ProFTPD. This issue could be triggered if an attacker uploads a
malformed file and then that file is downloaded in ASCII mode. Successful
exploitation will permit a malicious FTP user with upload access to execute
arbitrary code in the context of the FTP server. It is also reported that
ProFTPD does not adequately drop privileges in some circumstances, which may
compound the risks associated with exploitation. This issue could also affect
versions prior to 1.2.7, though this has not been confirmed.
Risk level High
How to fix Upgrade to the current version of ProFTPD Server.
ProFTPD Homepage. ftp://ftp.proftpd.org/
CVE CAN-2003-0831
Bugtraq ID 8679
FTP Servers: ProFTPD ASCII File Transfer Buffer Overrun Vulnerability
Port 21
Description A remotely exploitable buffer overrun vulnerability has been
reported in ProFTPD. This issue could be triggered if an attacker uploads a
malformed file and then that file is downloaded in ASCII mode. Successful
exploitation will permit a malicious FTP user with upload access to execute
arbitrary code in the context of the FTP server. It is also reported that
ProFTPD does not adequately drop privileges in some circumstances, which may
compound the risks associated with exploitation. This issue could also affect
versions prior to 1.2.7, though this has not been confirmed.
Risk level High
How to fix Upgrade to the current version of ProFTPD Server.
ProFTPD Homepage. ftp://ftp.proftpd.org/
CVE CAN-2003-0831
Bugtraq ID 8679
FTP Servers: ProFTPD SQL Injection mod_sql Vulnerability
Port 21
Description ProFTPD has been reported prone to SQL injection attacks.
Specifically, ProFTPD versions that use the mod_sql module to manipulate
PostgreSQL databases are prone to SQL injection attacks. The vulnerability
occurs due to insufficient sanitization of user-supplied data when logging onto
the FTP server.
Risk level High
How to fix Upgrade to the current version of ProFTPD Server.
ProFTPD Homepage. ftp://ftp.proftpd.org/
CVE CVE-MAP-NOMATCH
Bugtraq ID 7974
FTP Servers: ProFTPD SQL Injection mod_sql Vulnerability
Port 21
Description ProFTPD has been reported prone to SQL injection attacks.
Specifically, ProFTPD versions that use the mod_sql module to manipulate
PostgreSQL databases are prone to SQL injection attacks. The vulnerability
occurs due to insufficient sanitization of user-supplied data when logging onto
the FTP server.
Risk level High
How to fix Upgrade to the current version of ProFTPD Server.
ProFTPD Homepage. ftp://ftp.proftpd.org/
CVE CVE-MAP-NOMATCH
Bugtraq ID 7974
FTP Servers: ProFTPD _xlate_ascii_write() Buffer Overrun Vulnerability
Port 21
Description A remotely exploitable buffer overrun was reported in ProFTPD. This
issue is due to insufficient bounds checking of user-supplied data in the
_xlate_ascii_write() function, permitting an attacker to overwrite two bytes
memory adjacent to the affected buffer. This may potentially be exploited to
execute arbitrary code in the context of the server. This issue may be triggered
when submitting a RETR command to the server.
Risk level High
How to fix Upgrade to the current version of ProFTPD Server.
ProFTPD Homepage. ftp://ftp.proftpd.org/
CVE CVE-MAP-NOMATCH
Bugtraq ID 9782
FTP Servers: ProFTPD _xlate_ascii_write() Buffer Overrun Vulnerability
Port 21
Description A remotely exploitable buffer overrun was reported in ProFTPD. This
issue is due to insufficient bounds checking of user-supplied data in the
_xlate_ascii_write() function, permitting an attacker to overwrite two bytes
memory adjacent to the affected buffer. This may potentially be exploited to
execute arbitrary code in the context of the server. This issue may be triggered
when submitting a RETR command to the server.
Risk level High
How to fix Upgrade to the current version of ProFTPD Server.
ProFTPD Homepage. ftp://ftp.proftpd.org/
CVE CVE-MAP-NOMATCH
Bugtraq ID 9782
Web Servers: The list of scripts
Port 80
Description Found scripts on web site
Risk level Information
How to fix
Scripts http://сканиpуемый хост /catalog.php?ac=1
CVE GENERIC-MAP-NOMATCH
Mail Servers: SMTP without AuthLogin
Port 25
Description An SMTP service supports SMTP without AuthLogin.
Risk level Low
How to fix Install authlogin.
Ports 3-4
389: LDAP - Lightweight Directory Access Protocol
Description No More Details Available
21: FTP - File Transfer Protocol [Control]
TCP Banner 220 ProFTPD 1.2.9 Server (ftp.сканиpованный хост .ru) [ip]
TCP Protocols FTP
SYST 215 UNIX Type: L8
80: WWW-HTTP - World Wide Web HTTP (Hyper Text Transfer Protocol)
TCP Protocols HTTP
Version HTTP/1.1
Server Apache/1.3.31 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2
mod_bwlimited/1.4 PHP/4.3.6 FrontPage/5.0.2.2634a mod_ssl/2.8.18 OpenSSL/0.9.7a
25: SMTP - Simple Mail Transfer Protocol
TCP Banner 220-venus.elunico.biz ESMTP Exim 4.34 #1 Fri, 16 Jul 2004 21:26:33
+0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
TCP Protocols SMTP
53: DOMAIN - Domain Name Server
version.bind 9.2.1
143: IMAP - Interim Mail Access Protocol v2
TCP Banner * OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS AUTH=LOGIN] [ip]
IMAP4rev1 2003.339-cpanel at Fri, 16 Jul 2004 21:26:31 +0000 (UTC)
Я так понял, что можно заюзать 21 поpт, либо пpосмотpеть список скpиптов и чеpез
них попытаться. Помогите pазобpаться, опыта маловато... может эксплоит кто
подкинет или ещё что-нибудь...
Bye
--- FIPS/Phoenix <build 01.12>
* Origin: A bove majore discit arare minor (2:5029/28.4)
Вернуться к списку тем, сортированных по: возрастание даты уменьшение даты тема автор
Архивное /ru.nethack/280740f84d06.html, оценка из 5, голосов 10
|