NULL pointer in Remotely Anywhere 8.0.668

2008-03-13T00:00:00

Description

####################################################################### Luigi Auriemma Application: Remotely Anywhere Server and Workstation http://www.remotelyanywhere.com Versions: <= 8.0.668 Platforms: Windows Bug: NULL pointer Exploitation: remote Date: 08 Mar 2008 Author: Luigi Auriemma e-mail: aluigi@autistici.org web: aluigi.org ####################################################################### 1) Introduction 2) Bug 3) The Code 4) Fix ####################################################################### =============== 1) Introduction =============== Remotely Anywhere is a well known remote administration software. ####################################################################### ====== 2) Bug ====== The RemotelyAnywhere.exe process (port 2000) can be easily crashed through a HTTP request with an invalid Accept-Charset parameter which leads to a NULL pointer. The process will be restarted automatically within less than one minute by the management service so an attacker needs to send the malformed request at regular intervals for keeping the server down as much as he desires. ####################################################################### =========== 3) The Code =========== http://aluigi.org/poc/remotelynowhere.txt stunnel http_to_https.conf nc 127.0.0.1 80 -v -v < remotelynowhere.txt ####################################################################### ====== 4) Fix ====== No fix ####################################################################### --- Luigi Auriemma http://aluigi.org

{"id": "SECURITYVULNS:DOC:19407", "bulletinFamily": "software", "title": "NULL pointer in Remotely Anywhere 8.0.668", "description": "\r\n#######################################################################\r\n\r\n Luigi Auriemma\r\n\r\nApplication: Remotely Anywhere Server and Workstation\r\n http://www.remotelyanywhere.com\r\nVersions: <= 8.0.668\r\nPlatforms: Windows\r\nBug: NULL pointer\r\nExploitation: remote\r\nDate: 08 Mar 2008\r\nAuthor: Luigi Auriemma\r\n e-mail: aluigi@autistici.org\r\n web: aluigi.org\r\n\r\n\r\n#######################################################################\r\n\r\n\r\n1) Introduction\r\n2) Bug\r\n3) The Code\r\n4) Fix\r\n\r\n\r\n#######################################################################\r\n\r\n===============\r\n1) Introduction\r\n===============\r\n\r\n\r\nRemotely Anywhere is a well known remote administration software.\r\n\r\n\r\n#######################################################################\r\n\r\n======\r\n2) Bug\r\n======\r\n\r\n\r\nThe RemotelyAnywhere.exe process (port 2000) can be easily crashed\r\nthrough a HTTP request with an invalid Accept-Charset parameter which\r\nleads to a NULL pointer.\r\n\r\nThe process will be restarted automatically within less than one minute\r\nby the management service so an attacker needs to send the malformed\r\nrequest at regular intervals for keeping the server down as much as he\r\ndesires.\r\n\r\n\r\n#######################################################################\r\n\r\n===========\r\n3) The Code\r\n===========\r\n\r\n\r\nhttp://aluigi.org/poc/remotelynowhere.txt\r\n\r\n stunnel http_to_https.conf\r\n nc 127.0.0.1 80 -v -v < remotelynowhere.txt\r\n\r\n\r\n#######################################################################\r\n\r\n======\r\n4) Fix\r\n======\r\n\r\n\r\nNo fix\r\n\r\n\r\n#######################################################################\r\n\r\n\r\n--- \r\nLuigi Auriemma\r\nhttp://aluigi.org", "published": "2008-03-13T00:00:00", "modified": "2008-03-13T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19407", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:25", "edition": 1, "viewCount": 39, "enchantments": {"score": {"value": 1.3, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8783"]}], "rev": 4}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8783"]}]}, "exploitation": null, "vulnersScore": 1.3}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645670445, "score": 1659803227}, "_internal": {"score_hash": "d592fa7a7714b0ba278418da8d1275bd"}}