Novell NetWare服务拒绝漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1105913 漏洞类型 未知
发布时间 2000-07-11 更新时间 2005-05-02
CVE编号 CVE-2000-0669 CNNVD-ID CNNVD-200007-027
漏洞平台 Novell CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/20072
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200007-027
|漏洞详情
NovellNetWare5.0版本存在漏洞。远程攻击者可以通过伪造带随机数据的端口40193来导致服务拒绝。
|漏洞EXP
source: http://www.securityfocus.com/bid/1467/info

When Novell Netware is configured with IPX-Compatibility enabled, it is vulnerable to a denial of service attack by sending packets with random data to port 40193. Similar results are possible by sending fragmented packets. This has been observed on Novell Netware 5.0 service pack 5, other versions may be vulnerable. 

This behaviour has also been reported on Novell Netware 6.0 service pack 1. 

It should be noted that configuration of Netware with IPX is not supported and it is not advised for production servers.

Using the tool 'netcat':

# cat /dev/urandom | nc XXX.XXX.XXX.XXX 40193
|参考资料

来源:BUGTRAQ
名称:20000711RemoteDenialOfService--NetWare5.0withSP5
链接:http://www.securityfocus.com/templates/archive.pike?list=1&msg=000501bfeab5$9330c3d0$d801a8c0@dimuthu.baysidegrp.com.au
来源:BID
名称:1467
链接:http://www.securityfocus.com/bid/1467