Crackalaka IRC服务器远程服务拒绝漏洞

Crackalaka IRC服务器远程服务拒绝漏洞

漏洞ID 1107862 漏洞类型 其他
发布时间 2004-04-09 更新时间 2005-10-20
图片[1]-Crackalaka IRC服务器远程服务拒绝漏洞-安全小百科CVE编号 CVE-2004-1919
图片[2]-Crackalaka IRC服务器远程服务拒绝漏洞-安全小百科CNNVD-ID CNNVD-200404-007
漏洞平台 Linux CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/23943
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200404-007
|漏洞详情
Crackalaka1.0.8版本的hasch.c中hash_strcmp函数存在漏洞。远程攻击者借助超大的畸形字符串导致服务拒绝(崩溃)。
|漏洞EXP
source: http://www.securityfocus.com/bid/10092/info

It has been reported that Crackalaka may be prone to a remote denial of service vulnerability that may allow an attacker to crash the server by sending an excessive amount of data.

Crackalaka version 1.0.8 is reported to be prone to this issue, however, other versions could be vulnerable as well. 

nc [host] 6667 < /dev/urandom
|参考资料

来源:XF
名称:crackalaka-hashstrcmp-dos(15824)
链接:http://xforce.iss.net/xforce/xfdb/15824
来源:BID
名称:10092
链接:http://www.securityfocus.com/bid/10092
来源:SECUNIA
名称:11340
链接:http://secunia.com/advisories/11340
来源:BUGTRAQ
名称:20040409DoSinCrackalaka1.0.8
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=108152479316967&w;=2

相关推荐: AIX setsenv Buffer Overflow Vulnerability

AIX setsenv Buffer Overflow Vulnerability 漏洞ID 1103635 漏洞类型 Boundary Condition Error 发布时间 2000-12-01 更新时间 2000-12-01 CVE编号 N/A CNN…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享