
PHP 'socket_connect()' Function Stack Buffer Overflow Vulnerability


fapafap


So after scanning with Nexpose, we have this vuln. The exploit is: http://www.securityfocus.com/bid/47950/exploit.

How do you actually use it? It's supposed to be remote, but it doesn't have any input params?

Broken link.

Read the code to see what it does. If you are new to exploitation and penetration testing, I would suggest doing some research on the topics. Can't really jump steps from "Found this" to "Pwned".


Damn, I think that might ruin my chances of getting an answer here; damn you for replying first! ;) (As a side note, isn't the autopwn angle where Hak5 shines the most, so why doesn't the forum follow the same basis? :()

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1938 that's another link to the vuln. And I understand how the exploit works, but it seems to me to be a local exploit...?

Edited by fapafap

Yeah, I browsed over it.

BTW: Read the "Impact" section

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service


Um, if something has already been exploited, then more than likely there is an exploit out there with POC code. Not to be all script kiddie, but check http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve=2011-1938

I think what they've explained is the crash, how to trigger it manually, server side, but they state that "might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket" meaning you would probably have to work out the remote end of that exploit.

Edited by digip
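The "remote or local?" question in the thread comes down to where the overflow lives. CVE-2011-1938 is in the native C of PHP's sockets extension (ext/sockets/sockets.c), where socket_connect() copies the supplied pathname into a fixed-size sockaddr_un.sun_path on the stack with the caller's length and no bound check. It is reached only through a PHP script that hands an attacker-chosen path to socket_connect(), which is why NVD says "context-dependent attackers": the network access vector in the CVSS score assumes such a script is exposed. The example below is added here and is neither code from this thread nor the PHP project's own source; it reproduces the unchecked-copy pattern inside a struct of our own so the program stays well defined (the `beyond` bytes stand in for whatever the compiler placed after the local, and are an assumption, not PHP's real frame layout) and puts the hardened builder, modelled on the length check in the fixed extension, beside it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Capacity of sockaddr_un.sun_path on this platform (108 on Linux, 104 on the BSDs/macOS). */
size_t sun_path_capacity(void)
{
    return sizeof(((struct sockaddr_un *)0)->sun_path);
}

/* Hardened builder, modelled on the upstream fix: the length is checked before
 * anything is copied, and '>=' keeps one byte free for the terminating NUL.
 * Returns 0 and fills *out/*out_len on success, -1 if the path does not fit. */
int build_unix_addr(struct sockaddr_un *out, socklen_t *out_len,
                    const char *addr, size_t addr_len)
{
    if (addr_len >= sizeof(out->sun_path))
        return -1;                              /* "Path too long" in the fixed extension */
    memset(out, 0, sizeof *out);
    out->sun_family = AF_UNIX;
    memcpy(out->sun_path, addr, addr_len);
    *out_len = (socklen_t)(offsetof(struct sockaddr_un, sun_path) + addr_len);
    return 0;
}

/* Stand-in (an assumption, not PHP's real layout) for the stack frame of the
 * unpatched function: the sockaddr_un local followed by bytes representing
 * whatever the compiler placed after it (other locals, saved registers, return address). */
struct demo_frame {
    struct sockaddr_un s_un;
    unsigned char      beyond[64];
};

/* Unchecked copy, as the vulnerable code did it: memcpy with the caller-supplied
 * length and no comparison against sizeof(sun_path). The write is kept inside
 * demo_frame so this program itself stays well defined; the return value is how
 * many bytes past the end of sun_path were clobbered. */
size_t demo_unchecked_copy(size_t overshoot)
{
    struct demo_frame f;
    size_t addr_len = sun_path_capacity() + overshoot;
    char path[sizeof(struct sockaddr_un) + sizeof f.beyond];

    if (overshoot > sizeof f.beyond)            /* keep the demonstration inside the frame */
        return (size_t)-1;
    memset(path, 'A', addr_len);                /* constructed attacker-controlled pathname */

    memset(&f, 0, sizeof f);
    memset(f.beyond, 0xAA, sizeof f.beyond);    /* marker bytes so the overwrite is visible */
    /* The vulnerable pattern: */
    memcpy((unsigned char *)&f + offsetof(struct demo_frame, s_un)
                                + offsetof(struct sockaddr_un, sun_path),
           path, addr_len);

    size_t clobbered = 0;
    for (size_t i = 0; i < sizeof f.beyond; i++)
        if (f.beyond[i] != 0xAA)
            clobbered++;
    return clobbered;
}

/* Wrapper for the hardened path: 0 if a pathname of path_len bytes is accepted, -1 if rejected. */
int hardened_accepts(size_t path_len)
{
    struct sockaddr_un s_un;
    socklen_t len;
    char path[sizeof(struct sockaddr_un) + 64];

    if (path_len > sizeof path)
        return -1;
    memset(path, 'A', path_len);                /* constructed pathname of the requested length */
    return build_unix_addr(&s_un, &len, path, path_len);
}

int main(void)
{
    printf("sun_path holds %zu bytes\n", sun_path_capacity());
    printf("unchecked copy, 12 bytes too long: %zu bytes clobbered past sun_path\n",
           demo_unchecked_copy(12));
    printf("hardened, same length: %s\n",
           hardened_accepts(sun_path_capacity() + 12) == 0 ? "accepted" : "rejected");
    printf("hardened, one byte short of capacity: %s\n",
           hardened_accepts(sun_path_capacity() - 1) == 0 ? "accepted" : "rejected");
    return 0;
}
```

The practical check when triaging a scanner hit like this one is therefore not "is port 80 open" but "does any script on the host pass user-influenced data into socket_connect() with AF_UNIX", and whether the PHP build is one that still lacks the length check.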

Um, if something has already been exploited, then more than likely there is an exploit out there with POC code. Not to be all script kiddie, but check http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve=2011-1938

Yeah, I was trying to avoid that. Buffer overflows are pretty easy to create a program to exploit. But even that won't work. You need to make your own shellcode regardless, lol.


Um, if something has already been exploited, then more than likely there is an exploit out there with POC code. Not to be all script kiddie, but check http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve=2011-1938

I think what they've explained is the crash, how to trigger it manually, server side, but they state that "might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket" meaning you would probably have to work out the remote end of that exploit.

Ah ok, thanks, so I was on the right track then in thinking it looked like a local exploit. Wish 'other' people would just spit it out :P


Ah ok, thanks, so I was on the right track then in thinking it looked like a local exploit. Wish 'other' people would just spit it out :P

Got to learn on your own, though. Know how it works, then you will be able to do all sorts of things instead of looking for the quick answer ;)

Exploitation is not a simple field to take on.
