Sun Java System Calendar Server重复URI请求拒绝服务漏洞
发布日期:2009-03-31
更新日期:2009-04-02
受影响系统:Sun Java System Calendar Server 6.3
描述:
BUGTRAQ ID:
34150
CVE(CAN) ID:
CVE-2009-1219
Sun Java System Calendar Server是Sun Java System通信套件中的日程服务器组件。
如果远程攻击者向Calendar Server连续两次发送特制的HTTP请求并在tzid参数中设置了字母字符的话,就会导致Calendar Server进程崩溃,可能留下类似于以下栈追踪的崩溃dump,具体取决于系统配置:
$ pstack core
...
...
----------------- lwp# 4 / thread# 4 --------------------
ff05ff40 shtml_finishlogin (6db6c10, 201f8, 6ee7e26, 6e7471ff, 80808080, 1010101) + 160
0001dff4 cmd_login (6db6c10, 1, 0, 687474, 80808080, 1010101) + 364
00017f78 cshttpd_post_cb (6db6c10, 2d26ad, 6f07dc0, 6d, 1, 2e000000) + 470
fed8ff88 cmd_post (6db6c10, 2d26ad, 6f07dc0, 6d, 6f07dc0, baddc800) + 1b8
fed8f2a8 cmd_exec (6db6c10, 4, 2, 0, 0, 0) + da8
fed8d8cc cmdloop (6db6c10, fa8bce9c, 2000, ff000000, 0, 0) + 3bc
fed8c4f0 sock_readable (6db6c10, 1000, fe7ecbc0, fc922400, 5b35bc, 0) + 2f0
feb45564 GDispCx_Dispatch (5b3544, 6f61c04, 6e6300c, fc922400, 5b3634, 0) + 174
feb45b78 GDispCx_InternalWork (6e6300c, fa8c0000, 0, 0, feb45798, 1) + 3e0
fe7c04f4 _lwp_start (0, 0, 0, 0, 0, 0)
...
...
<*来源:Core Security Technologies
链接:
http://secunia.com/advisories/34528/
http://marc.info/?l=bugtraq&m=123853308827367&w=2
http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-255008-1
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
https://<server>:3443/?tzid=crash
建议:
厂商补丁:
Sun
---
Sun已经为此发布了一个安全公告(Sun-Alert-255008)以及相应补丁:
Sun-Alert-255008:Security Vulnerability in Sun Java System Calendar Server 6.3 May Allow Denial of Service (DoS)
链接:
http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-255008-1浏览次数:3652
严重程度:0(网友投票)
