SSC DiskAccess NFS Client DAPCNFSD.DLL Stack Buffer Overflow Vulnerability
BID:22301
Info
| Bugtraq ID: | 22301 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-0641 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 29 2007 12:00AM |
| Updated: | May 12 2015 07:35PM |
| Credit: | Andres Tarasco is credited with discovering this issue. |
| Vulnerable: | Shaffer Solutions Corp DiskAccess 0 |
| Not Vulnerable: | |
Discussion
Shaffer Solutions Corp DiskAccess is prone to a stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code within the context of the Spooler service. The Spooler service typically runs with the privileges of the 'LocalSystem' account.
Exploit / POC
Attackers may leverage this issue by submitting a malicious document to the application's print provider service.
A CANVAS exploit module is available for members of the Immunity Partner's program:
https://www.immunityinc.com/downloads/immpartners/danfs_pp.tar
The following exploit is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- DiskAccess Product Page (Shaffer Solutions Corp)