Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.DAMEWARE_MINI_REMOTE_CONTROL_OVERFLOW.NASL
HistorySep 01, 2005 - 12:00 a.m.

DameWare Mini Remote Control Pre-Authentication Remote Overflow

2005-09-0100:00:00
This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
www.tenable.com
32

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.292

Percentile

96.9%

JSON

The remote host is running DameWare Mini Remote Control. The remote version of this software is affected by a buffer overflow vulnerability.

An attacker may be able to exploit this flaw by sending a specially crafted packet to the remote host.

A successful exploitation of this vulnerability would result in remote code execution.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(19553);
 script_version("1.21");
 script_cvs_date("Date: 2018/07/06 11:26:08");

 script_cve_id("CVE-2003-1030");
 script_bugtraq_id(9213);

 script_name(english:"DameWare Mini Remote Control Pre-Authentication Remote Overflow");
 script_summary(english:"Determines version of DameWare Mini Remote Control (Overflow)");
 
 script_set_attribute(attribute:"synopsis", value:
"Arbitrary code can be executed on the remote host.");
 script_set_attribute(attribute:"description", value:
"The remote host is running DameWare Mini Remote Control.  The remote
version of this software is affected by a buffer overflow
vulnerability. 

An attacker may be able to exploit this flaw by sending a specially
crafted packet to the remote host. 

A successful exploitation of this vulnerability would result in remote
code execution.");
 script_set_attribute(attribute:"solution", value:
"Upgrade to version 3.73.0.0 or later");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"exploit_framework_core", value:"true");
 script_set_attribute(attribute:"exploithub_sku", value:"EH-11-317");
 script_set_attribute(attribute:"exploit_framework_exploithub", value:"true");
 script_set_attribute(attribute:"vuln_publication_date", value:"2003/12/16");
 script_set_attribute(attribute:"plugin_publication_date", value:"2005/09/01");

 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:dameware:mini_remote_control");
 script_end_attributes();
 
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows");

 script_require_ports(6129, "Services/dameware");
 script_dependencies("find_service2.nasl");
 exit(0);
}

function inverse(data)
{
 local_var tmp, i;

 tmp = NULL;

 for (i=0; i<strlen(data);i++)
    tmp += data[strlen(data)-(i+1)];

 return tmp;
}


function create_mask (size)
{
 local_var mask, i;

 mask = 0;

 for (i=0; i<size; i++)
  mask += 1 << i;

 return mask;
}

function convert_float (float)
{
 local_var exponent, mantissa, major, minor, ret;

 if (ord(float[0]) & 128)
   return NULL;

 exponent = ((ord(float[0]) & 127) << 4) +
            ((ord(float[1]) & 240) >> 4) - 1023;


 if (exponent > 16)
   return NULL;

 mantissa = 65536 +
           ((ord(float[1]) & 15) << 12) +
           ((ord(float[2]) & 255) << 4) +
           ((ord(float[3]) & 240) >> 4);

 major = mantissa >> (16 - exponent);

 minor = mantissa & create_mask(size:16 - exponent);

 ret = NULL;
 ret[0] = major;
 ret[1] = minor;

 return ret;
}



port = get_kb_item("Services/dameware");
if (! port) port = 6129;

if (!get_port_state(port))
  exit(0);

soc = open_sock_tcp(port);
if (!soc)
  exit(0);

buf = recv(socket:soc, length:50);
if (!buf || (strlen(buf) != 40) || (ord(buf[0]) != 0x30) || (ord(buf[1]) != 0x11))
  exit(0);

raw_version = inverse (data:substr(buf,8,15));

version = convert_float (float:raw_version);

if (!isnull(version))
{
 set_kb_item (name:"DameWare/major_version", value:version[0]);
 set_kb_item (name:"DameWare/minor_version", value:version[1]);

 if ((version[0] < 3) || ((version[0] == 3) && (version[1] < 23920)))
   security_hole(port:port);
}

Related

cvelist 1
exploitdb 4
cve 1
nvd 1
cvelist
cvelist
CVE-2003-1030
2004-01-15 05:00:00
exploitdb
exploitdb
DameWare Mini Remote Control Server 3.7x - Buffer Overflow (1)
2003-12-16 00:00:00
DameWare Mini Remote Control Server 3.7x - Buffer Overflow (2)
2003-12-16 00:00:00
DameWare Mini Remote Control Server 3.7x - Buffer Overflow (3)
2003-12-16 00:00:00
cve
cve
CVE-2003-1030
2004-02-17 05:00:00
nvd
nvd
CVE-2003-1030
2004-02-17 05:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.292

Percentile

96.9%

JSON
Related for DAMEWARE_MINI_REMOTE_CONTROL_OVERFLOW.NASL
cvelist1exploitdb4cve1nvd1