Gracebyte Network Assistant 3.x has been found susceptible to a denial of service attack.
5bbd512bc0dac550aa8835f61964fc5fc59612860368511ad276ce845d596e05oooo oooo oooooooo8 ooooooooooo
8888o 88 888 88 888 88
88 888o88 888oooooo 888
88 8888 888 888
o88o 88 o88oooo888 o888o
********************************
**** Network security team *****
********* nst.e-nex.com ********
********************************
* Title: All version <= Network Assistant 3.2 build 2260
* Bug found by: : Ãðèíâóä
* Date: 6.01.2005
* Influence: DoS
* URL: www.gracebyte.com
********************************
Åñëè ïîñëàòü UDP ïàêåò íà ïîðò (50138 ïî óìîë÷àíèþ äëÿ Nasi) âåðíîé
êîíòðîëüíîé ñóììû, íî ñ èñêàæ¸ííûì ñîäåðæàíèåì ïîëåé â Nasi âîçíèêàåò DoS.
Åñëè ïîñëå ýêñïëóàòàöèè æåðòâà çàïóñòèò åù¸ ðàç Nasi, òî ïîáî÷íûì ýôôåêòîì
ýêñïëóàòàöèè áóäåò èñêàæåííûé ñïèñîê íèêîâ.
Ïðèìåð ñîäåðæàíèÿ DoS ïàêåòà:
0 E O?a }a??2? ???? ;K?3 AB??LL¶?®‡??…?f,s5•??°?S ?e??B?« adcJ?“?s???;
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Ïðèìåð ðåàëèçàöèè ñìîòðèòå â ðàçäåëå ýêñïëîèòû íà íàøåé âåá ñòðàíèöå.
If you send true package on Nasi UDP port (50138 default for Nasi) and
true cheksum but deformed fields Nasi have a DoS.
If run Nasi after explotation you see not all list nicks.
Example of content DoS pocket see above.
Proof of concept code see in section expoits on our web page.
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed