Group Logic ExtremeZ-IP File/Print Servers ExtremeZ-IP.exe 拒绝服务攻击漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1114531 漏洞类型 数字错误
发布时间 2008-02-10 更新时间 2008-09-05
CVE编号 CVE-2008-0767 CNNVD-ID CNNVD-200802-267
漏洞平台 Hardware CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/31132
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200802-267
|漏洞详情
ExtremeZ-IPFileandPrintServer5.1.2x15以及之前的版本中的ExtremeZ-IP.exe不验证一个特定的"numberofURLs"字段是否与信息包的长度一致,这使得远程攻击者可以借助该字段中的一个大的整数值引起拒绝服务攻击(后台程序崩溃)。该字段存在于发送给UPD427端口上的ServiceLocationProtocol(SLP)service的信息包中。它会导致超范围读取(out-of-boundsread)。
|漏洞EXP
source: http://www.securityfocus.com/bid/27718/info

ExtremeZ-IP File and Print servers are prone to multiple vulnerabilities including denial-of-service and information-disclosure issues.

Attackers can exploit these issues to cause denial-of-service conditions or to obtain potentially sensitive information.

These issues affect versions prior to ExtremeZ-IP File Server 5.1.2x15 and ExtremeZ-IP Print Server 5.1.2x15. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/31132.zip
|参考资料

来源:VUPEN
名称:ADV-2008-0485
链接:http://www.frsirt.com/english/advisories/2008/0485
来源:SECUNIA
名称:28862
链接:http://secunia.com/advisories/28862
来源:MISC
链接:http://aluigi.org/poc/ezipirla.zip
来源:MISC
链接:http://aluigi.altervista.org/adv/ezipirla-adv.txt
来源:BID
名称:27718
链接:http://www.securityfocus.com/bid/27718
来源:BUGTRAQ
名称:20080211MultiplevulnerabilitiesinEztremeZ-IPFileandPrinterServer5.1.2x15
链接:http://www.securityfocus.com/archive/1/archive/1/487952/100/0/threaded
来源:www.grouplogic.com
链接:http://www.grouplogic.com/files/ez/hot/hotFix51.cfm