DoS in Crackalaka 1.0.8

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: DoS in Crackalaka 1.0.8
From: "Donato Ferrante" <fdonato@xxxxxxxxxxxxx>
Date: Fri, 9 Apr 2004 12:58:37 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

                           Donato Ferrante


Application:  Crackalaka
              http://www.stalphonsos.com/~attila/crackalaka

Version:      1.0.8

Bug:          Denial Of Service

Date:         09-Apr-2004

Author:       Donato Ferrante
              e-mail: fdonato@xxxxxxxxxxxxx
              web:    www.autistici.org/fdonato


xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

1. Description
2. The bug
3. The code
4. The fix



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

----------------
1. Description:
----------------

Vendor's description:

"Crackalaka is a small, standalone IRC server. 
It does not implement the inter-server portions of the IRC protocol,
and is meant for use by a small workgroup, preferably behind a
firewall."




xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
2. The bug:
------------

The program is unable to manage a lot of not regular strings, in fact
it crashes.

The problem is in the function: hash_strcmp() of hash.c, in which
the program try to manage an unallocated sector of memory.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
3. The code:
-------------

To test the vulnerability try to send to the irc server some big and
unregular strings or more simply you can use:

nc [host] 6667 < /dev/urandom



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
4. The fix:
------------

Vendor was contacted.
Bug will be probably fixed in the next version.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Prev by Date: DoS in Rsniff 1.0
Next by Date: Re: DoS in Rsniff 1.0
Previous by thread: Re: DoS in Rsniff 1.0
Next by thread: monit 4.1 POC
Index(es):
- Date
- Thread