New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Garbage data in the incoming remote packet may crash the server [CORE1681] #2106
Comments
Commented by: @dyemanov The affected packet types are: op_receive, op_start, op_start_and_receive, op_send, op_start_and_send, op_start_send_and_receive. The bug is caused by lack of validation for a not yet allocated port_object_vector in a few places of the remote subsystem. Test case in Python: import socket def getTargetIP(): port = 3050 packet = '\x00\x00\x00' + op + 'A' * 2000 for i in range(0, 5): |
Modified by: @dyemanovstatus: Open [ 1 ] => Resolved [ 5 ] resolution: Fixed [ 1 ] Fix Version: 2.1 RC1 [ 10201 ] |
Modified by: @dyemanovdescription: If some kinds of remote packets contain wrong (garbage) data, it may cause an invalid memory access inside the server, forcing a crash. => If some kinds of remote packets contain wrong (garbage) data, it may cause an invalid memory access inside the server, forcing a crash. Reported by Core Security Labs. |
Modified by: @dyemanovdescription: If some kinds of remote packets contain wrong (garbage) data, it may cause an invalid memory access inside the server, forcing a crash. Reported by Core Security Labs. => If some kinds of remote packets contain wrong (garbage) data, it may cause an invalid memory access inside the server, forcing a crash. Reported by Core Security Labs, the disclosure is published here: http://www.coresecurity.com/?action=item&id=2095 |
Modified by: @pcisarWorkflow: jira [ 13806 ] => Firebird [ 14118 ] |
Modified by: @pcisarstatus: Resolved [ 5 ] => Closed [ 6 ] |
Modified by: @pavel-zotovQA Status: No test |
Modified by: @pavel-zotovstatus: Closed [ 6 ] => Closed [ 6 ] QA Status: No test => Cannot be tested |
Submitted by: @dyemanov
If some kinds of remote packets contain wrong (garbage) data, it may cause an invalid memory access inside the server, forcing a crash. Reported by Core Security Labs, the disclosure is published here: http://www.coresecurity.com/?action=item&id=2095
Commits: 3201c3d 84a0dc8 ee8fdef
The text was updated successfully, but these errors were encountered: