Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Buffer-overflow in ASUS Remote Console 2.0.0.24

from [Luigi Auriemma] Network Security [Permanent Link]
Subject: [Full-disclosure] Buffer-overflow in ASUS Remote Console 2.0.0.24
Date: Fri, 21 Mar 2008 23:16:40 +0100 

#######################################################################

                             Luigi Auriemma

Application:  ASUS Remote Console
              http://www.asus.com/999/html/share/9/icon/9/index.htm#asmb3
Versions:     <= 2.0.0.24
Platforms:    Windows
Bug:          buffer overflow
Exploitation: remote
Date:         21 Mar 2008
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    aluigi.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============



From the manual:

"The ASUS Remote Console (ARC) is an efficient and flexible application
that allows monitoring and control of the remote host."

The main component of this service is a telnet server listening on port
623 which is called DpcProxy and provides an IPMI interface.


#######################################################################

======
2) Bug
======


The DPC Proxy is affected by a buffer-overflow vulnerability located in
the function which gets the data received from the client, stores them
in a stack buffer of about 1024 bytes and checks the presence of an end
of line delimiter (carriage return).


#######################################################################

===========
3) The Code
===========


http://aluigi.org/poc/asuxdpc.txt

  nc SERVER 623 -v -v -w 2 < asuxdpc.txt


#######################################################################

======
4) Fix
======


No fix


#######################################################################


--- 
Luigi Auriemma
http://aluigi.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] Buffer-overflow in ASUS Remote Console 2.0.0.24, Luigi Auriemma <=
Previous by Date:  {securityreason.com}PHP 5 *printf() - Integer Overflow, cxib
Next by Date:  XSS in cPanel 11.x, xx_hack_xx_2004
Previous by Thread:  {securityreason.com}PHP 5 *printf() - Integer Overflow, cxib
Next by Thread:  XSS in cPanel 11.x, xx_hack_xx_2004
Indexes:  [Date] [Thread] [Top] [All Lists]