apache-ftpserver修复Spring CVE-2024-38819 CVE-2024-38816漏洞
1.下载apache-ftpserver1.2.0
https://archive.apache.org/dist/mina/ftpserver/1.2.0/apache-ftpserver-1.2.0-bin.tar.gz
2.调研修复 Spring CVE-2024-38819、CVE-2024-38816 所需的 jar 包版本(可以先问一下 deepseek,但修复版本要以 Spring 官方安全公告为准)
下载 Spring 6.2.7 JAR 包:spring-core-6.2.7.jar、spring-beans-6.2.7.jar、spring-context-6.2.7.jar、spring-aop-6.2.7.jar、spring-expression-6.2.7.jar。从 https://repo1.maven.org/maven2/org/springframework/ 手动下载上面的 jar 包,下载后用同目录下的 .sha1 / .asc 文件校验完整性。
3.替换apache-ftpserver1.2.0 jar 包 2.5.5删除,6.2.7放进去
版本自己看下 ./apache-ftpserver-1.2.0/common/lib/spring-*
4.在 apache-ftpserver-1.2.0/bin/ftpd.sh 中配置 JDK 17(Spring 6.x 需要 JDK 17 及以上)
#第二行添加jdk17路径,自己根据实际情况调整
export JAVA_HOME=/usr/local/ccdt/jdk-17.0.12
export PATH=$JAVA_HOME/bin:$PATH
5.添加启动、停止重启脚本
#apache-ftpserver-1.2.0/bin/路径下面
[root@pre-ads-06 bin]# cat start.sh
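#!/bin/sh
# start.sh - start Apache FtpServer from this bin directory unless a process
# whose command line contains this directory's absolute path is already there.
#
# NOTE(review): the listing on this page runs the script as root; the listener
# port configured on this page (2121) is unprivileged, so a dedicated
# low-privilege service account is presumably sufficient - confirm.

# Resolve the absolute directory of this script; stop if that fails, because
# an empty BINDIR would make the process match below meaningless.
BINDIR=$(cd "$(dirname -- "$0")" > /dev/null 2>&1 && pwd)
if [ -z "$BINDIR" ]; then
  echo "cannot resolve script directory" >&2
  exit 1
fi

# Count matching processes (ps -ef columns: UID PID PPID ...). This script,
# its own children and its parent (e.g. restart.sh) are left out; otherwise an
# absolute-path invocation matches itself and the server is never started.
# grep -F treats the path as a literal string rather than a regex.
count=$(ps -ef | grep -F -- "$BINDIR" | grep -v "grep" \
  | awk -v self="$$" -v parent="$PPID" \
    '$2 != self && $3 != self && $2 != parent { n++ } END { print n + 0 }')

if [ "$count" -gt 0 ]; then
  echo "Ftp Service Existed!"
else
  # Limit chmod to the scripts next to this one instead of whatever *.sh
  # files sit in the caller's current directory.
  chmod 755 "$BINDIR"/*.sh
  # The configuration path is relative; presumably ftpd.sh resolves it
  # against the installation directory - confirm.
  "$BINDIR/ftpd.sh" res/conf/ftpd-typical.xml &
  echo "Ftp Service Started"
fi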
[root@pre-ads-06 bin]# cat stop.sh
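#!/bin/sh
# stop.sh - stop the FtpServer processes launched from this bin directory.
#
# Processes are found by looking for this directory's absolute path in the
# `ps -ef` output. This script, its own children and its parent (e.g.
# restart.sh) are left out so that an absolute-path invocation does not
# signal itself.

# Without a successful cd, pwd would name an unrelated directory and the
# match below could hit unrelated processes, so stop here.
cd "$(dirname -- "$0")" || {
  echo "cannot enter script directory" >&2
  exit 1
}
jsDir=$(pwd)

# Print the PIDs (ps -ef column 2) of matching processes, one per line.
# grep -F treats the path as a literal string rather than a regex.
list_pids() {
  ps -ef | grep -F -- "$jsDir" | grep -v "grep" \
    | awk -v self="$$" -v parent="$PPID" \
      '$2 != self && $3 != self && $2 != parent { print $2 }'
}

pids=$(list_pids)
if [ -n "$pids" ]; then
  # Send SIGTERM first so the server gets a chance to shut down cleanly.
  # $pids is deliberately unquoted: it is a whitespace-separated PID list.
  kill $pids 2> /dev/null
  tries=0
  while [ "$tries" -lt 5 ] && [ -n "$(list_pids)" ]; do
    sleep 1
    tries=$((tries + 1))
  done
  # Fall back to SIGKILL only for processes that are still running.
  pids=$(list_pids)
  if [ -n "$pids" ]; then
    kill -9 $pids 2> /dev/null
  fi
  echo "Ftp Service Stopped"
else
  echo "Ftp Service Not Exist!"
fi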
[root@pre-ads-06 bin]# cat restart.sh
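#!/bin/sh
# restart.sh - run stop.sh and then start.sh from this script's directory.
#
# Changing into the script directory first keeps the ./ paths valid when the
# script is called from elsewhere (cron, an absolute path, another script).
cd "$(dirname -- "$0")" || {
  echo "cannot enter script directory" >&2
  exit 1
}
./stop.sh
./start.sh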
6.修改apache-ftpserver-1.2.0/res/conf ftpd-typical.xml(不修改起不来) users.properties(用户)文件
#<file-user-manager file="./res/conf/users.properties" encrypt-passwords="clear"/> 中 encrypt-passwords="clear" 表示密码明文存储;去掉该属性后默认按 MD5 校验,users.properties 里的 userpassword 要填密码的 MD5 值。
[root@pre-ads-06 conf]# cat ftpd-typical.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- FtpServer configuration: one NIO listener on port 2121 with an <ssl>
     keystore, anonymous login disabled, users read from users.properties.
     Attributes below: at most 100 logins; max-login-failures is 3 and
     login-failure-delay is 3000 (presumably milliseconds; confirm). -->
<server xmlns="http://mina.apache.org/ftpserver/spring/v1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://mina.apache.org/ftpserver/spring/v1
http://mina.apache.org/ftpserver/ftpserver-1.0.xsd"
id="myServer"
max-logins="100"
anon-enabled="false"
max-anon-logins="0"
max-login-failures="3"
login-failure-delay="3000" >
<listeners>
<!-- NOTE(review): no implicit-ssl attribute is set on this listener, so TLS
     is presumably used only when the client asks for it; a plain FTP login
     would then send the password unencrypted. Verify against the listener
     documentation. -->
<nio-listener name="default" port="2121">
<ssl>
<!-- NOTE(review): ./res/ftpserver.jks with password "password" looks like
     the sample keystore of the distribution (confirm). A sample private key
     is public knowledge; generate a site-specific keystore and password and
     restrict read access to this file. -->
<keystore file="./res/ftpserver.jks" password="password" />
</ssl>
</nio-listener>
</listeners>
<!-- No encrypt-passwords attribute is given here; per the note on this page,
     stored passwords are then treated as MD5 rather than cleartext.
     NOTE(review): unsalted MD5 is weak for password storage; the "salted"
     value of encrypt-passwords is the stronger choice. -->
<file-user-manager file="./res/conf/users.properties"/>
</server>
[root@pre-ads-06 conf]# cat users.properties
# Account "admin". Password is "admin"; the value below is its MD5 hex digest.
# NOTE(review): a well-known name/password pair with write permission enabled;
# change the password or set enableflag=false before the port is reachable.
ftpserver.user.admin.userpassword=21232F297A57A5A743894A0E4A801FC3
# NOTE(review): this path names apache-ftpserver-1.0.6 while the steps on this
# page install 1.2.0 - confirm the directory exists.
ftpserver.user.admin.homedirectory=/usr/local/ccdt/apache-ftpserver-1.0.6/res/home
ftpserver.user.admin.enableflag=true
ftpserver.user.admin.writepermission=true
# The limits below are all 0 (presumably "no limit"; confirm).
ftpserver.user.admin.maxloginnumber=0
ftpserver.user.admin.maxloginperip=0
ftpserver.user.admin.idletime=0
ftpserver.user.admin.uploadrate=0
ftpserver.user.admin.downloadrate=0
# Password of the newly configured user "ftpadmin".
# NOTE(review): this value is cleartext, while the admin entry above is an MD5
# digest and the file-user-manager shown on this page sets no encrypt-passwords
# attribute; presumably the value must be stored in the same hashed form to
# match - confirm. 123456 is a sample value; use a strong, site-specific one.
ftpserver.user.ftpadmin.userpassword=123456
# Home directory; can be set to a directory of your own.
ftpserver.user.ftpadmin.homedirectory=./res/home
# The account is enabled.
ftpserver.user.ftpadmin.enableflag=true
# Upload (write) permission is granted.
ftpserver.user.ftpadmin.writepermission=true
# Maximum number of concurrent logins: 20.
ftpserver.user.ftpadmin.maxloginnumber=20
# Maximum logins from one IP (the original comment said 2; the value set is 20).
ftpserver.user.ftpadmin.maxloginperip=20
# Idle timeout: 300 seconds.
ftpserver.user.ftpadmin.idletime=300
# Upload rate limit in bytes per second (the original comment said 480000;
# the value set is 48000000).
ftpserver.user.ftpadmin.uploadrate=48000000
# Download rate limit in bytes per second (the original comment said 480000;
# the value set is 48000000).
ftpserver.user.ftpadmin.downloadrate=48000000
#7.ftp 172.16.135.45 2121 登录测试
apache-ftpserver-1.2.0/bin/start.sh
