Skype未明漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1189379 漏洞类型 未知
发布时间 2007-08-20 更新时间 2007-08-20
CVE编号 CVE-2007-4429 CNNVD-ID CNNVD-200708-323
漏洞平台 N/A CVSS评分 5.0
|漏洞来源
https://www.securityfocus.com/bid/85447
https://cxsecurity.com/issue/WLB-2007080099
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200708-323
|漏洞详情
Skype中存在未明漏洞。远程攻击者可以借助与发送超长URIs相关的未知向量,造成拒绝服务(服务器悬挂)。
|漏洞EXP
Hi all!

On SecurityLab.ru forum an exploit code was published by an anonymous user. 
Reportedly it must have caused Skype massive disconnections today.

The PoC uses standard Skype client to call to a specific number. This call 
causes denial of service of current Skype server and forces Skype to 
reconnect to another server. The new server also "freezes" and so on ... the 
entire network.

Liks: http://www.securitylab.ru/news/301422.php

PoC: http://en.securitylab.ru/poc/301420.php

Best regards,

Valery Marchuk

www.SecurityLab.ru
|受影响的产品
Skype Technologies Skype 0
|参考资料

来源:MISC
链接:http://www.securitylab.ru/news/301422.php
来源:BUGTRAQ
名称:20070820Re[2]:SkypeNetworkRemoteDoSExploit
链接:http://www.securityfocus.com/archive/1/archive/1/477240/100/0/threaded
来源:BUGTRAQ
名称:20070820RE:SkypeNetworkRemoteDoSExploit
链接:http://www.securityfocus.com/archive/1/archive/1/477178/100/0/threaded
来源:BUGTRAQ
名称:20070820Re:SkypeNetworkRemoteDoSExploit
链接:http://www.securityfocus.com/archive/1/archive/1/477156/100/0/threaded
来源:BUGTRAQ
名称:20070817SkypeNetworkRemoteDoSExploit
链接:http://www.securityfocus.com/archive/1/archive/1/476942/100/0/threaded
来源:SREASON
名称:3032
链接:http://securityreason.com/securityalert/3032
来源:MISC
链接:http://heartbeat.skype.com/2007/08/where_we_are_at_1100_gmt.html
来源:MISC
链接:http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html
来源:MISC
链接:http://en.securitylab.ru/poc/extra/301419.php
来源:MISC
链接:http://en.securitylab.ru/poc/301420.php
来源:MISC
链接:http://blogs.csoonline.com/the_skype_mystery_why_blame_the_august_windows_updates