ElectroSystems Engineering Inc. ElectroComm服务拒绝

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1106332 漏洞类型 未知
发布时间 2001-05-07 更新时间 2006-04-07
CVE编号 CVE-2001-0563 CNNVD-ID CNNVD-200108-043
漏洞平台 Windows CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/20834
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200108-043
|漏洞详情
ElectroSystemsEngineeringInc.ElectroComm2.0及其早期版本存在漏洞。远程攻击者借助发送至端口23的超大(>160000字符)串导致服务拒绝。
|漏洞EXP
source: http://www.securityfocus.com/bid/2706/info

ElectroComm is a telnet-comm port server for Windows 9x/NT, allowing users to connect a PC's comm port to a TCP/IP network and login remotely using Telnet.

An attacker can execute a denial of service attack on ElectroComm by submitting two groups of approximately 160,000 characters to the target's telnet port.

This increases CPU utilization to 100%, then crashes the service, which requires a restart. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/20834.zip
|参考资料

来源:XF
名称:electrocomm-telnet-dos(6514)
链接:http://xforce.iss.net/static/6514.php
来源:BID
名称:2706
链接:http://www.securityfocus.com/bid/2706
来源:BUGTRAQ
名称:20010507AdvisoryforElectrocomm2.0
链接:http://archives.neohapsis.com/archives/bugtraq/2001-05/0049.html