Lucene search
K

Cogent DataHub 7.1.1.63 - Integer Overflow

🗓️ 14 Sep 2011 00:00:00Reported by Luigi AuriemmaType 
exploitpack
 exploitpack
👁 36 Views

Cogent DataHub 7.1.1.63 - Integer Overflow in Windows platform. Server listens on port 80 with a custom web server, leading to an integer overflow due to allocation of memory specified by Content-Length

Code
#######################################################################

                             Luigi Auriemma

Application:  Cogent DataHub
              http://www.cogentdatahub.com/Products/Cogent_DataHub.html
Versions:     <= 7.1.1.63
Platforms:    Windows
Bug:          integer overflow
Exploitation: remote
Date:         13 Sep 2011
Author:       Luigi Auriemma
              e-mail: [email protected]
              web:    aluigi.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


DataHub is a software for the SCADA and automation sector.


#######################################################################

======
2) Bug
======


The server/service listens on port 80 using a custom web server.

The software is affected by an integer overflow caused by the
allocation of the amount of memory specified by the Content-Length
field (-1 or 4294967295) plus one resulting in a buffer of zero bytes.


#######################################################################

===========
3) The Code
===========


http://aluigi.org/poc/cogent_3.dat
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/17839.dat

  nc SERVER 80 < cogent_3.dat


#######################################################################

======
4) Fix
======


No fix.


#######################################################################

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation