Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Multiple Vulnerabilities In EmuLive Server4

from [GulfTech Security] Network Security [Permanent Link]
Subject: Multiple Vulnerabilities In EmuLive Server4
Date: Mon, 20 Sep 2004 19:59:31 -0500 
##########################################################
# GulfTech Security Research           September 20th, 2004
##########################################################
# Vendor  : Emulive Imaging Corporation
# URL     : http://www.emulive.com
# Version : EmuLive Server4 Commerce Edition Build 7560
# Risk    : Multiple Vulnerabilities
##########################################################


Description:
Server4 is real-time media broadcasting software that works 
in conjunction with Emulive producer software to create 
digital television-like channels on the Internet. To web 
browsers, Server4 appears as a standard web server. Visitors 
to a Server4 system can browse and view available channels, 
chat with other users, remotely control cameras, remotely 
control devices, create user accounts, extend user accounts, 
purchase time and access controlled subscriptions, purchase 
one-to-one exclusive conferences, tip channel hosts, purchase 
additional time and much much more.



Unauthorized Admin Access:
EmuLive Server4, like a lot of software comes with built in
remote administration features. The administration console
in Server4 lets server admins manage such data as their live
statistics, affiliate management, and eCommerce reports. This
however can easily be accessed by an attacker by requesting
the following url

http://localhost//PUBLIC/ADMIN/INDEX.HTM

notice the "//" after the host info. Normally when an admin
successfully logs in, there is a long session ID in between
those two slashes. So, we can now do anything an admin can
by using a little slash ;) Another interesting thing about
this particular issue, is after I requested an admin page
from a remote machine with a null session id, it gave me the 
legitimate session credentials that were gained on another 
machine, automatically!



Remote Server Crash:
EmuLive Server4 is a very nice multimedia broadcasting 
application. One very useful feature is that it allows remote 
connections for production software on tcp port 66. This is 
meant for EmuLive Producer, which is a audio/video encoder 
software product that works in conjunction with server4 to 
create Interactive digital television-like channels on the 
Internet. There lies a flaw in the way Server4 handles the
connections made to this port. For example, an attacker can
input a quick sequence of eight or more sets of carriage
returns and crash the server hard. In the tests that I did
it froze up my WinXP Pro machine so bad that I was forced to
press the reset button as it was the only thing that worked.
I am not sure if this issue is remotely exploitable for any
thing other than killing the server, as my machine died
immediately after the death packet was sent, so I could not
read any error messages or responses.



Related Info:
The original advisory and POC can be found at the following location 
http://www.gulftech.org/?node=research&article_id=00051-09202004



Credits:
James Bercegay of the GulfTech Security Research Team
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Multiple Vulnerabilities In EmuLive Server4, GulfTech Security <=
Previous by Date:  CoD United Offensive boom boom, Luigi Auriemma
Next by Date:  Re: Debian netkit telnetd vulnerability, Solar Designer
Previous by Thread:  CoD United Offensive boom boom, Luigi Auriemma
Next by Thread:  And More Advanced SQL Injection..., Stefano Di Paola
Indexes:  [Date] [Thread] [Top] [All Lists]