Crackalaka IRC服务器远程服务拒绝漏洞-安全小百科

Crackalaka IRC服务器远程服务拒绝漏洞

漏洞ID	1107862	漏洞类型	其他
发布时间	2004-04-09	更新时间	2005-10-20
CVE编号	CVE-2004-1919	CNNVD-ID	CNNVD-200404-007
漏洞平台	Linux	CVSS评分	5.0

|漏洞来源

https://www.exploit-db.com/exploits/23943
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200404-007

|漏洞详情

Crackalaka1.0.8版本的hasch.c中hash_strcmp函数存在漏洞。远程攻击者借助超大的畸形字符串导致服务拒绝（崩溃）。

|漏洞EXP

source: http://www.securityfocus.com/bid/10092/info

It has been reported that Crackalaka may be prone to a remote denial of service vulnerability that may allow an attacker to crash the server by sending an excessive amount of data.

Crackalaka version 1.0.8 is reported to be prone to this issue, however, other versions could be vulnerable as well. 

nc [host] 6667 < /dev/urandom

|参考资料

来源:XF
名称:crackalaka-hashstrcmp-dos(15824)
链接:http://xforce.iss.net/xforce/xfdb/15824
来源:BID
名称:10092
链接:http://www.securityfocus.com/bid/10092
来源:SECUNIA
名称:11340
链接:http://secunia.com/advisories/11340
来源:BUGTRAQ
名称:20040409DoSinCrackalaka1.0.8
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=108152479316967&w;=2

相关推荐: AIX setsenv Buffer Overflow Vulnerability

AIX setsenv Buffer Overflow Vulnerability 漏洞ID 1103635 漏洞类型 Boundary Condition Error 发布时间 2000-12-01 更新时间 2000-12-01 CVE编号 N/A CNN…

文章版权归作者所有，未经允许请勿转载。

THE END