ProFTPD mod_tls预认证远程缓冲区溢出漏洞 CVE-2006-6170 CNNVD-200611-482
ProFTPD是一款开放源代码FTP服务程序。 ProFTPD的模块mod_tls在处理用户认证时存在缓冲溢出漏洞,远程攻击者可能利用此漏洞完全控制服务器。 ProFTPD的mod_tls模块的tls_x509_name_oneline()函数中存在远程溢出漏洞,允许远程未经认证的攻击者获得root用户权限。漏洞相关的代码如下: contrib/mod_tls.c: \"\"\" static char *tls_x509_name_oneline(X509_NAME *x509_name) { static char buf[256] = {\'\'\0\'\'}; /* If we are using OpenSSL 0.9.6 or newer, we want to use * X509_NAME_print_ex() * instead of X509_NAME_oneline(). */ #if OPENSSL_VERSION_NUMBER < 0x000906000L memset( &buf, \'\'\0\'\', sizeof(buf)); return X509_NAME_oneline(x509_name, buf, sizeof(buf)); #else /* Sigh...do it the hard way. */ BIO *mem = BIO_new(BIO_s_mem()); char *data = NULL; long datalen = 0; int ok; if ((ok = X509_NAME_print_ex(mem, x509_name, 0, XN_FLAG_ONELINE))) [1] datalen = BIO_get_mem_data(mem, &data); if (data) { memset( &buf, \'\'\0\'\', sizeof(buf)); [2] memcpy(buf, data, datalen); buf[datalen] = \'\'\0\'\'; buf[sizeof(buf)-1] = \'\'\0\'\'; BIO_free(mem); return buf; } BIO_free(mem); return NULL; #endif /*...
