Message-ID: <004e01c4c4e0$3befb4a0$0200a8c0@box>
From: class101 at phreaker.net (class 101)
Subject: [Advisory + Exploit] MiniShare, Minimal HTTP Server for Windows, Remote Buffer Overflow Exploit

Hi List,


I found this bug yesterday in the latest version of MiniShare.
This is a simple buffer overflow in the address link.
The vendor was contacted at http://minishare.sourceforge.net
only 1 hour before the public advisory.

Actually no fix is available. The exploit is available in the attachment for the list people, and available at dfind.kd-team.com, my homepage.

class101


/*



MiniShare <= 1.4.1, Remote Buffer Overflow Exploit v0.1.
Bind a shellcode to the port 101.

Full disclosure and exploit 
by class101 [at] DFind.kd-team.com [&] #n3ws [at] EFnet
07 November 2004

Thanx to HDMoore and Metasploit.com for their kickass ASM work.


------------------
WHAT IS MINISHARE
------------------

Homepage - http://minishare.sourceforge.net/
 
 MiniShare is meant to serve anyone who has the need to share files to anyone,
 doesn't have a place to store the files on the web, 
    and does not want or simply does not have the skill
 and possibility to set up and maintain a complete HTTP-server software...

--------------
VULNERABILITY
--------------

 A simple buffer overflow in the link length, nothing more;
 read the code for further instructions.

----
FIX
----

 Actually none; the vendor is contacted the same day this is published, 1 hour before you.
 As a nice fuck you to NGSS, iDEFENSE and all the other private-disclosure
 homo crews, as well as K-OTiK, who jerk off in their "Lab"
 lol :->

----
EXTRA
----
   
 Update the JMP ESP if you need. A wrong offset will crash minishare.
 Code tested working on MiniShare 1.4.1 and WinXP SP1 English, Win2k SP4 English, WinNT SP6 English
 Other MiniShare versions aren't tested.
 Tip: If it crashes for you, try to play with Sleep()...

----
BY
----

    class101 [at] DFind.kd-team.com [&] #n3ws [at] EFnet
       who
      greets
    DiabloHorn [at] www.kd-team.com [&] #kd-team [at] EFnet

*/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041107/17654d5e/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 101_mini.cpp
Type: application/octet-stream
Size: 8268 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041107/17654d5e/101_mini.obj
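As an added illustration (not the exploit from the scrubbed attachment and not MiniShare's own source), here is the defensive counterpart of the "buffer overflow in the link length" the advisory describes: a bounded request-target parser in C that rejects an over-long URI instead of copying it into a fixed stack buffer, plus a length check a reverse proxy or IDS could use to flag such requests. The URI_MAX value, the request-line format and the 1500-byte constructed sample request are assumptions, not values taken from MiniShare.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Assumed limit for the request target. MiniShare's real buffer size is not
   stated in the advisory; this value is a placeholder for the illustration. */
#define URI_MAX 256

/* Length of the request target in an HTTP request line such as
   "GET /index.html HTTP/1.0". Returns -1 if the line has no target. */
long request_target_length(const char *line)
{
    const char *sp1 = strchr(line, ' ');
    if (sp1 == NULL) return -1;
    const char *start = sp1 + 1;
    const char *end = strchr(start, ' ');
    size_t len = (end != NULL) ? (size_t)(end - start) : strlen(start);
    if (len == 0) return -1;
    return (long)len;
}

/* Bounded copy of the request target into out[out_size]. The unsafe pattern
   this replaces is an unbounded strcpy()/sprintf() of the link into a fixed
   stack buffer, which is what "a buffer overflow in the link length" means.
   Returns the target length on success, -1 on a malformed line, -2 when the
   target would not fit (the request is rejected instead of smashing the stack). */
long copy_request_target(const char *line, char *out, size_t out_size)
{
    long len = request_target_length(line);
    if (len < 0) return -1;
    if ((size_t)len >= out_size) return -2;   /* leave room for the NUL */
    const char *start = strchr(line, ' ') + 1;
    memcpy(out, start, (size_t)len);
    out[len] = '\0';
    return len;
}

/* Detection-side check: a request target longer than `threshold` bytes is
   worth logging or dropping at a proxy or IDS, since abnormally long targets
   are the signature of this bug class. Malformed lines are flagged too. */
int request_target_is_suspicious(const char *line, size_t threshold)
{
    long len = request_target_length(line);
    return (len < 0 || (size_t)len > threshold) ? 1 : 0;
}

/* Build a constructed over-long request line (a run of 'A's as the target)
   into buf so the rejection path can be exercised without real traffic.
   Returns the line length, or 0 if buf is too small. */
size_t build_long_request(char *buf, size_t buf_size, size_t target_len)
{
    const char *prefix = "GET /";
    const char *suffix = " HTTP/1.0";
    size_t need = strlen(prefix) + target_len + strlen(suffix) + 1;
    if (need > buf_size) return 0;
    strcpy(buf, prefix);
    memset(buf + strlen(prefix), 'A', target_len);
    strcpy(buf + strlen(prefix) + target_len, suffix);
    return need - 1;
}

/* Self-check: a normal request is copied intact and not flagged. */
int normal_target_is_accepted(void)
{
    char uri[URI_MAX];
    const char *line = "GET /index.html HTTP/1.0";
    return copy_request_target(line, uri, sizeof uri) == 11
        && strcmp(uri, "/index.html") == 0
        && request_target_is_suspicious(line, URI_MAX - 1) == 0;
}

/* Self-check: a constructed 1500-byte target is rejected by the bounded copy
   and flagged by the detection check. */
int long_target_is_rejected(void)
{
    char line[4096];
    char uri[URI_MAX];
    if (build_long_request(line, sizeof line, 1500) == 0) return 0;
    return copy_request_target(line, uri, sizeof uri) == -2
        && request_target_is_suspicious(line, URI_MAX - 1) == 1;
}

int main(void)
{
    printf("normal request accepted: %d\n", normal_target_is_accepted());
    printf("over-long request rejected: %d\n", long_target_is_rejected());
    return 0;
}
```

The point of the two code paths is that the server-side fix (reject when the target would not fit) and the network-side detection (flag targets beyond a threshold) both derive from the same measurement, so a single length check protects the stack and gives the SOC a signal.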
