secpod_flashget_ftp_pwd_bof_vuln_900203.nasl

来自「漏洞扫描源码,可以扫描linux,windows,交换机路由器」· NASL 代码 · 共 191 行

NASL

191 行

################################################################################  FlashGet FTP PWD Response Remote Buffer Overflow Vulnerability.##  Copyright: SecPod##  Date Written: 2008/08/18##  Revision: 1.1##  Log: veerendragg#  Issue #0128#  ------------------------------------------------------------------------#  This program was written by SecPod and is licensed under the GNU GPL #  license. Please refer to the below link for details,#  http://www.gnu.org/licenses/gpl.html#  This header contains information regarding licensing terms under the GPL, #  and information regarding obtaining source code from the Author. #  Consequently, pursuant to section 3(c) of the GPL, you must accompany the #  information found in this header with any distribution you make of this #  Program.#  ------------------------------------------------------------------------##############################################################################if(description){ script_id(900203); script_bugtraq_id(30685); script_copyright(english:"Copyright (C) 2008 SecPod"); script_version("Revision: 1.1 "); script_category(ACT_GATHER_INFO); script_family(english:"Denial of Service"); script_name(english:"FlashGet FTP PWD Response Remote Buffer Overflow Vulnerability"); script_summary(english:"Check for FlashGet version"); desc["english"] = " Overview : This host is running FlashGet, which is prone to Remote Buffer  Overflow Vulnerability. Vulnerability Insight :        Error exist when handling overly long FTP PWD responses.        Impact : Successful exploitation will allow execution of arbitrary        code by tricking a user into connecting to a malicious ftp server. Impact Level : Application Affected Software/OS :        FlashGet 1.9 (1.9.6.1073) and prior versions on Windows (All). Fix : No solution/patch is available as on 18th August, 2008. Information regarding this issue will update once the solution details are available. For updates refer, http://www.flashget.com/index_en.htm References : http://osvdb.org/show/osvdb/47457 http://www.frsirt.com/english/advisories/2008/2381 CVSS Score :        CVSS Base Score     : 6.8 (AV:N/AC:M/Au:NR/C:P/I:P/A:P)        CVSS Temporal Score : 6.1  Risk factor : High"; script_description(english:desc["english"]); script_dependencies("secpod_reg_enum.nasl"); script_require_keys("SMB/WindowsVersion"); exit(0);} include("smb_nt.inc"); if(!get_kb_item("SMB/WindowsVersion")){        exit(0); } name   =  kb_smb_name(); login  =  kb_smb_login(); pass   =  kb_smb_password(); domain =  kb_smb_domain(); port   =  kb_smb_transport(); if(!port) port = 139; if(!get_port_state(port))exit(0); soc = open_sock_tcp(port); if(!soc){        exit(0); } r = smb_session_request(soc:soc, remote:name); if(!r) {        close(soc);        exit(0); } prot = smb_neg_prot(soc:soc); if(!prot) {        close(soc);        exit(0); } r = smb_session_setup(soc:soc, login:login, password:pass,                       domain:domain, prot:prot); if(!r) {        close(soc);        exit(0); } uid = session_extract_uid(reply:r); r = smb_tconx(soc:soc, name:name, uid:uid, share:"IPC$"); tid = tconx_extract_tid(reply:r); if(!tid) {        close(soc);        exit(0); } r = smbntcreatex(soc:soc, uid:uid, tid:tid, name:"\winreg"); if(!r) {        close(soc);        exit(0); } pipe = smbntcreatex_extract_pipe(reply:r); if(!pipe) {        close(soc);        exit(0); } r = pipe_accessible_registry(soc:soc, uid:uid, tid:tid, pipe:pipe); if(!r) {        close(soc);        exit(0); } handle = registry_open_hklm(soc:soc, uid:uid, tid:tid, pipe:pipe); if(!handle) {        close(soc);        exit(0); } handle = registry_open_hklm(soc:soc, uid:uid, tid:tid, pipe:pipe); if(!handle) {        close(soc);        exit(0); } key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; key_h = registry_get_key(soc:soc, uid:uid, tid:tid, pipe:pipe,                          key:key, reply:handle); if(!key_h) {	close(soc); 	exit(0); }  enumKeys = registry_enum_key(soc:soc, uid:uid, tid:tid, pipe:pipe, reply:key_h); foreach entry (enumKeys) {	# 1.8.x or older 	if("FlashGet(Jetcar)" >< entry || "FlashGet(JetCar)" >< entry)	{		security_hole(0); 		exit(0);	} 	if("FlashGet" >< entry)	{		flashVer = registry_get_sz(item:"DisplayVersion", key:key + entry); 		if(flashVer)		{			# Grep for <= 1.9.6.1073 (1.9 series)			if(egrep(pattern:"^(1\.9|1\.9\.[0-5](\..*)?|1\.9\.6(\." + 					 "(0?[0-9]?[0-9]?[0-9]|10[0-6][0-9]" + 					 "|107[0-3]))?)$",		                 string:flashVer)){        			security_hole(0);		 	}		} 		exit(0);	} }

secpod_flashget_ftp_pwd_bof_vuln_900203.nasl - 源码说明

本页面展示了「漏洞扫描源码,可以扫描linux,windows,交换机路由器」中的 secpod_flashget_ftp_pwd_bof_vuln_900203.nasl 源码文件，采用 NASL 编程语言编写，共 191 行代码。您可以在线阅读完整代码内容，也可以返回资源详情页下载完整源码包进行本地学习和开发。

虫虫下载站收录了大量与windows相关的技术资源，包括源代码、技术文档、电路图等，是电子工程师和嵌入式开发者的专业学习平台。

⌨️ 快捷键说明

复制代码Ctrl + C

搜索代码Ctrl + F

全屏模式F11

增大字号Ctrl + =

减小字号Ctrl + -

显示快捷键?