JDKChat v1.5 Remote Integer Overflow PoC
Title: JDKChat v1.5 Remote Integer Overflow PoC
Advisory ID: ZSL-2009-4908
Type: Remote
Impact: System Access, DoS
Risk: (4/5)
Release Date: 12.03.2009
--------------------------------------------------------------------------------
Summary
JDKChat is a simple C++ chat server for GNU/Linux systems. Users can connect to it through a simple TCP client like telnet.
Description
JDKChat is prone to a remote integer-overflow vulnerability. A remote attacker may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely crash the application, denying service to legitimate users.
--------------------------------------------------------------------------------
aleks@tux ~ $ telnet 192.168.0.1 7777
Trying 192.168.0.1...
Connected to 192.168.0.1.
Escape character is '^]'.
Welcome To jdkchat v1.5 by J.D. Koftinoff Software, Ltd.
http://www.jdkoftinoff.com/
and modified by Aditya Godbole (urwithaditya@gmx.net)
Commands available:
/who -- (list all users along with their connection numbers)
/exit -- (exit chat room)
/local -- (toggle local mode for your telnet session)
/[connection number] message -- (send private message to user at specified connection number)
JDKCHAT: Aleks just entered the room.
JDKCHAT: Users = Aleks:0
Aleks >
// And after we run the PoC :
JDKCHAT: PwNzOr just entered the room.
Aleks >Connection closed by foreign host.
aleks@tux ~ $
--------------------------------------------------------------------------------
Vendor
J.D. Koftinoff Software, Ltd. - http://www.jdkoftinoff.com
Affected Version
1.5
Tested On
Gentoo, Ubuntu, Debian
Vendor Status
N/A
PoC
jdkchat_poc.pl
Credits
Vulnerability discovered by Aleksandar Lazarov - <aleks@zeroscience.mk>
References
[1] http://www.milw0rm.com/exploits/8205
[2] http://www.packetstormsecurity.org/filedesc/jdkchat-overflow.txt.html
[3] http://www.securityfocus.com/bid/34102
[4] http://securityreason.com/exploitalert/5860
[5] http://www.bugsearch.net/en/8333/JDKChat 1.5 Remote Integer Overflow PoC.html
Changelog
[12.03.2009] - Initial release
Contact
Zero Science Lab
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk