
Samsung NET-i ware <= 1.37 - Multiple Vulnerabilities

01 Jul 2014 00:00:00 | Reported by RootType | seebug (www.seebug.org)


#######################################################################

                             Luigi Auriemma

Application:  Samsung NET-i ware
              http://www.samsungsecurity.com/product/product_view.asp?idx=6447
              http://www.samsungsecurity.com/product/product_view.asp?idx=5828
Versions:     <= 1.37
Platforms:    Windows
Bugs:         A] Endless loop in remote services
              B] Code execution in ConnectDDNS ActiveX
              C] Stack overflow in BackupToAvi ActiveX
Exploitation: remote
Date:         21 Apr 2012
Author:       Luigi Auriemma
              e-mail: [email protected]
              web:    aluigi.org


#######################################################################


1) Introduction
2) Bugs
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


"Recording software for Samsung network cameras".


#######################################################################

=======
2) Bugs
=======


----------------------------------
A] Endless loop in remote services
----------------------------------

All the NET-i ware services are affected by an endless loop caused by
the incorrect handling of negative 32-bit size fields.
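
An added illustration of the bug class described in A], not code from NET-i ware or from this advisory: the record layout, the function names and the MAX_RECORD limit are assumptions. It contrasts a length-prefixed parser that trusts a signed 32-bit size with one that validates it before use; the step budget stands in for the endless loop so the demo terminates.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_RECORD 65536 /* assumed protocol limit, not from the advisory */

/* Constructed samples. Assumed layout: [int32 LE size][size bytes payload]... */
static const uint8_t GOOD[] = {2,0,0,0,'h','i', 1,0,0,0,'!'};
static const uint8_t BAD[]  = {0xFC,0xFF,0xFF,0xFF, 'x','x','x','x'}; /* size = -4 */

static int32_t rd_le32(const uint8_t *p) {
    uint32_t v = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
                 (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    int32_t s;
    memcpy(&s, &v, sizeof s);   /* field is interpreted as signed */
    return s;
}

/* Naive walker: trusts the signed size. Returns the record count, or -2 when
 * it stops making forward progress (budget spent or offset went negative).
 * The budget and the pos < 0 guard only keep this demo finite and memory-safe. */
int walk_naive(const uint8_t *buf, size_t len, int budget) {
    long pos = 0; int n = 0;
    while (pos + 4 <= (long)len) {
        if (budget-- <= 0 || pos < 0) return -2;
        int32_t size = rd_le32(buf + pos);
        pos += 4 + (long)size;  /* size == -4: pos never advances */
        n++;
    }
    return n;
}

/* Checked walker: rejects negative, oversized or truncated records, so every
 * iteration advances pos by at least 4 and the loop must terminate. */
int walk_checked(const uint8_t *buf, size_t len) {
    size_t pos = 0; int n = 0;
    while (len - pos >= 4) {
        int32_t size = rd_le32(buf + pos);
        pos += 4;
        if (size < 0 || size > MAX_RECORD) return -1;
        if ((size_t)size > len - pos) return -1;
        pos += (size_t)size;
        n++;
    }
    return pos == len ? n : -1;
}

int main(void) {
    printf("naive:   good=%d bad=%d\n", walk_naive(GOOD, sizeof GOOD, 1000), walk_naive(BAD, sizeof BAD, 1000));
    printf("checked: good=%d bad=%d\n", walk_checked(GOOD, sizeof GOOD), walk_checked(BAD, sizeof BAD));
    return 0;
}
```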


----------------------------------------
B] Code execution in ConnectDDNS ActiveX
----------------------------------------

Code execution vulnerability in the ConnectDDNS method used by the
following ActiveX components:
- EEDBA32E-5C2D-48f1-A58E-0AAB0BC230E3
- 17A7F731-C9EC-461C-B813-2F42A1BB58EB

  10022F80   8B02             MOV EAX,DWORD PTR DS:[EDX]
  10022F82   8B4D E8          MOV ECX,DWORD PTR SS:[EBP-18]
  10022F85   FF10             CALL DWORD PTR DS:[EAX]

The bug is not very reliable to replicate, so I report it just for
reference.
No additional research performed.


----------------------------------------
C] Stack overflow in BackupToAvi ActiveX
----------------------------------------

Stack overflow in the BackupToAvi method used by the ActiveX components
3D6F2DBA-F4E5-40A6-8725-E99BC96CC23A and
208650B1-3CA1-4406-926D-45F2DBB9C299.


#######################################################################

===========
3) The Code
===========


A]
http://aluigi.org/testz/udpsz.zip
http://www.exploit-db.com/sploits/18765-1.zip

  NiwMasterService:
  udpsz -b 0x80 -T SERVER 4505 0x28

  NiwStorageService:
  udpsz -T -c "REM" 0 -C 80808080 0x10 SERVER 4508 0x14

B,C]
http://aluigi.org/poc/netiware_1b.zip


#######################################################################

======
4) Fix
======


No fix.


#######################################################################

                              
