|
Hi List,
I found yesterday this bug in the last version of
MiniShare.
This is a simple buffer overflow in the address
link.
Vendors are contacted at http://minishare.sourceforge.net
1 hour only before the public
advisorie.
Actually no fix are available. The exploit is
available in attachment for the list peoples, and available at dfind.kd-team.com
my homepage.
class101
/*
MiniShare <= 1.4.1, Remote Buffer Overflow Exploit v0.1.
Bind a shellcode to the port 101. Full disclosure and exploit
by class101 [at] DFind.kd-team.com [&] #n3ws [at] EFnet 07 november 2004 Thanx to HDMoore and Metasploit.com for their kickass ASM work.
------------------ WHAT IS MINISHARE ------------------ Homepage - http://minishare.sourceforge.net/
MiniShare is meant to serve anyone who has the need to share files to anyone, doesn't have a place to store the files on the web, and does not want or simply does not have the skill and possibility to set up and maintain a complete HTTP-server software... --------------
VULNERABILITY -------------- A simple buffer overflow in the link length, nothing
more
read the code for further instructions. ----
FIX ---- Actually none, the vendor is contacted the same day published, 1 hour
before you.
As a nice fuck to NGSS , iDEFENSE and all others private disclosures homo crew ainsi que K-OTiK, ki se tap' des keu dans leur "Lab" lol :-> ----
EXTRA ---- Update the JMP ESP if you need. A wrong offset will crash minishare. Code tested working on MiniShare 1.4.1 and WinXP SP1 English, Win2k SP4 English, WinNT SP6 English Others MiniShare's versions aren't tested. Tip: If it crashes for you , try to play with Sleep()... ----
BY ---- class101 [at] DFind.kd-team.com [&] #n3ws [at]
EFnet
who greets DiabloHorn [at] www.kd-team.com [&] #kd-team [at] EFnet */
|
101_mini.cpp
Description: Binary data
