halocon-adv.txt

halocon-adv.txt: Posted Jan 18, 2005; Authored by Luigi Auriemma | Site aluigi.altervista.org; Halocon versions 2.0.0.81 and below suffer from a denial of service when having been sent an empty UDP packet.; tags | advisory, denial of service, udp; SHA-256 | c9c862ed402476055d48c3162a680de7d913f84528de753e0fb48ac9ade9ff7e; Download | Favorite | View

halocon-adv.txt

#######################################################################

                             Luigi Auriemma

Application:  Halocon
              no website currently working, however should be
              http://www.zaboo.net
Versions:     <= 2.0.0.81 (seems the latest available version)
Platforms:    Windows
Bug:          socket termination
Exploitation: remote, versus server
Date:         16 Jan 2005
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    http://aluigi.altervista.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


Halocon is a remote server manager written by jazper
(http://www.zaboo.net).
It is no longer supported but some admins still use it.


#######################################################################

======
2) Bug
======


An empty UDP packet (zero bytes) leads to the automatic termination of
the Halocon server's socket.
So the admin will be no longer able to send remote commands to the
Halocon application.

Halocon uses the UdpPort part of the Ip*works! v5 library
(http://www.nsoftware.com) and in the first moment I thought this was
the cause of the bug (everything said that when I debugged the code)
but after the tests made by NSoftware and me on both v5 and v6 versions
we have seen this was wrong or partially wrong.
I don't know what specific build of Ip*works! is used by Halocon,
however I have preferred to note this little doubt.


#######################################################################

===========
3) The Code
===========


My Lithtech proof-of-concept is enough to send an empty UDP packet:

  http://aluigi.altervista.org/poc/lithsock.zip

Halocon works on port 2305 by default, so remember to specify it when
use the proof-of-concept.


#######################################################################

======
4) Fix
======


No fix.


#######################################################################

Top Authors In Last 30 Days

Red Hat 308 files
Ubuntu 67 files
Debian 24 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,133)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,177)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,160)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,495)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,025)
UNIX (9,482)
UnixWare (188)
Windows (6,786)
Other

halocon-adv.txt

halocon-adv.txt

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

halocon-adv.txt

Share This

halocon-adv.txt

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems