iCal Remote Buffer Overflow Vulnerability

Vulnerability ID: 1107147    Vulnerability type: Boundary condition error
Published: 2003-01-03    Updated: 2006-08-31
CVE ID: CVE-2003-1263    CNNVD-ID: CNNVD-200312-396
Platform: Windows    CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/22117
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-396
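|Vulnerability details
iCal is a web-based calendar system used to display detailed schedules for meetings, events and similar items. iCal does not handle overly long HTTP requests correctly, so a remote attacker can use this vulnerability to carry out a buffer overflow attack against the iCal service and may be able to execute arbitrary commands on the system with the privileges of the web process. An attacker can submit an overly long HTTP request to cause an access violation in the service; carefully constructed request data may allow arbitrary commands to be executed on the system with the privileges of the web process. The service must be restarted manually to restore normal operation.
|Exploit (EXP)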
source: http://www.securityfocus.com/bid/6505/info

A denial of service vulnerability has been reported for iCal. The vulnerability occurs when iCal receives a specially formatted HTTP request. This causes iCal to crash, leading to a denial of service.

Restarting the service is necessary to restore functionality.

http//target/*
|References

Source: BID
Name: 6506
Link: http://www.securityfocus.com/bid/6506
Source: XF
Name: ical-icalexe-port-dos(10973)
Link: http://www.iss.net/security_center/static/10973.php
Source: BUGTRAQ
Name: 20030103ical3.7remotedos
Link: http://archives.neohapsis.com/archives/bugtraq/2003-01/0011.html
Source: BID
Name: 6505
Link: http://www.securityfocus.com/bid/6505
Source: NSFOCUS
Name: 4148
Link: http://www.nsfocus.net/vulndb/4148