JDKChat v1.5 Remote Integer Overflow PoC

High
Advisory ID: ZSL-2009-4908
Release Date: 12 March 2009
Vendor: J.D. Koftinoff Software, ltd. - http://www.jdkoftinoff.com
Affected Version: 1.5
CVE: N/A
Tested On: Gentoo, Ubuntu, Debian
Summary

JDKChat is a simple C++ chat server for GNU/Linux systems. Users can connect to it with a simple TCP client such as telnet.

Description

JDKChat is prone to a remote integer-overflow vulnerability. A remote attacker may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely crash the application, denying service to legitimate users.

aleks@tux ~ $ telnet 192.168.0.1 7777
Trying 192.168.0.1...
Connected to 192.168.0.1.
Escape character is '^]'.
Welcome To jdkchat v1.5 by J.D. Koftinoff Software, Ltd.
http://www.jdkoftinoff.com/
and modified by Aditya Godbole ([email protected])
Commands available:
/who -- (list all users along with their connection numbers)
/exit -- (exit chat room)
/local -- (toggle local mode for your telnet session)
/[connection number] message -- (send private message to user at specified connection number)
JDKCHAT: Aleks just entered the room.
JDKCHAT: Users = Aleks:0
Aleks >

// And after we run the PoC :

JDKCHAT: PwNzOr just entered the room.
Aleks >Connection closed by foreign host.
aleks@tux ~ $

Proof of Concept
Disclosure Timeline
N/A
Credits
Vulnerability discovered by Aleksandar Lazarov
References
Changelog
12.03.2009 - Initial release