Open DC Hub prior 0.7.14 Remote Buffer Overflow 1.1
 
Plugin ID: 277
Plugin name: Open DC Hub prior 0.7.14 Remote Buffer Overflow
Plugin filename: Open DC Hub prior 0.7.14 Remote Buffer Overflow.plugin
Plugin filesize: 3953 bytes
Plugin family: Peer-to-Peer
Plugin created name: Marc Ruef
Plugin created email: marc dot ruef at computec dot ch
Plugin created web: http://www.computec.ch
Plugin created company: computec.ch
Plugin created date: 2004/11/27
Plugin updated name: Marc Ruef
Plugin updated email: marc dot ruef at computec dot ch
Plugin updated web: http://www.computec.ch
Plugin updated company: computec.ch
Plugin updated date: 2004/11/28
Plugin version: 1.1
Plugin changelog: Fixed/improved the request and pattern matching of the detection and changed the port to 0 in 1.1
Plugin protocol: tcp
Plugin port: 0
Plugin procedure detection: open|eep|close|pattern_exists *This hub is running version 0.[0-6].* of Open DC Hub* OR *This hub is running version 0.7.0#* of Open DC Hub* OR *This hub is running version 0.7.1[0-4]* of Open DC Hub* OR *Open DC Hub, version 0.[0-6].* OR *Open DC Hub, version 0.7.0#* OR *Open DC Hub, version 0.7.1[0-4]*
Plugin detection accuracy: 80
Plugin comment: This plugin was written with the ATK Attack Editor.
Bug published name: Donato Ferrante
Bug published email: fdonato at autistici dot org
Bug published web: http://www.autistici.org/fdonato
Bug published date: 2004/11/24
Bug advisory: http://www.securityfocus.com/archive/1/382251
Bug produced web: http://opendchub.sourceforge.net
Bug affected: Open DC Hub prior 0.7.14
Bug not affected: Open DC Hub newer than 0.7.14 and other solutions
Bug vulnerability class: Buffer Overflow
Bug description: The remote host is running a version of Open DC Hub, a peer-to-peer file sharing application, which is vulnerable to a remote buffer overflow. A successful exploit would allow a remote attacker to execute code on the remote host. Note that the remote attacker needs administrative access to this application.
Bug solution: The software should be deactivated or uninstalled if it is not needed. To make the server harder to find, the daemon can be configured to listen on another port (e.g. 8081). Prevent unwanted connection attempts by filtering traffic with a firewall. A self-made patch has been published in the initial bugtraq posting.
Bug fixing time: Approx. 1 hour
Bug exploit availability: Yes
Bug exploit url: http://www.autistici.org/fdonato/poc/OpenDcHub[0714]BOF-poc.zip
Bug remote: Yes
Bug local: Yes
Bug severity: High
Bug popularity: 5
Bug simplicity: 7
Bug impact: 9
Bug risk: 7
Bug Nessus risk: Medium
Bug check tools: Nessus is able to do the same check. A proof-of-concept exploit has been published in the initial bugtraq posting (A copy is available at http://www.securityfocus.com/data/vulnerabilities/exploits/openDCHubBufferOverflowPOC.java)
Source SecurityFocus BID: 11747
Source Nessus ID: 15834
Source Literature: Hacking Intern - Angriffe, Strategien, Abwehr, Marc Ruef, Marko Rogge, Uwe Velten and Wolfram Gieseke, November 1, 2002, Data Becker, Düsseldorf, ISBN 381582284X
Source Misc.: http://www.computec.ch

This file was generated by the Attack Tool Kit (ATK), the open-sourced security scanner and exploiting framework.