|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  ExploitAlert Database |
||
ExploitAlert : 7854 Credit : Nicob Date : 24.02.2010 Exploit Code : [=] Affected software : Name : Kojoney Description : Low interaction SSH honeypot Version : < 0.0.4.2 Service : TCP/22 [=] Patched version : http://sourceforge.net/projects/kojoney/files/kojoney-0.0.4.2.tar.gz/downlo ad [=] Technical details : Emulation of the wget and curl commands is made via calls to urllib.urlopen(url). The only sanity check is the following : if url.find("://") == -1: url = "http://" + url This will catch some attempts to access local files like "file:/etc/hosts" but requesting "file://localhost/foo/bar" is still possible. Under Linux, this can be used to access "file://localhost/dev/urandom". The kojoney.py process will then use 100% of CPU and will grow in memory, until killed by the kernel OOM Killer. [=] Note : When exploiting urlopen() related vulnerabilities in Python applications, some little known features can come handy : data://,HelloWorld => returned value is "HelloWorld" data:text;base64,WDVPIVAlQEFQWzRcUFpYNTQoUF4pN0NDKTd9JEVJQ0FSLVNUQU5EQVJELU FOVElWSVJVUy1URVNULUZJTEUhJEgrSCo=://a => returned value is the EICAR test string And yes, these strings too bypass the "://" Kojoney check ;-) Nicob  Feedback : If you have additional information or notice any errors regarding this exploit, please use contact form or email us at exploit()securityreason()com. |
||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
| PHP | |
|
» libzip 0.9.3 |
||
| ADT | ||
Protect your family and valuables with Home Security Systems |
||
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |