AOH :: HP Unsorted R :: BX2326.HTM

Remotely Anywhere 8.0.668 null pointer vuln



NULL pointer in Remotely Anywhere 8.0.668
NULL pointer in Remotely Anywhere 8.0.668




#######################################################################

                             Luigi Auriemma

Application:  Remotely Anywhere Server and Workstation
http://www.remotelyanywhere.com 
Versions:     <= 8.0.668
Platforms:    Windows
Bug:          NULL pointer
Exploitation: remote
Date:         08 Mar 2008
Author:       Luigi Auriemma
e-mail: aluigi@autistici.org 
              web:    aluigi.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

==============1) Introduction
==============

Remotely Anywhere is a well known remote administration software.


#######################################################################

=====2) Bug
=====

The RemotelyAnywhere.exe process (port 2000) can be easily crashed
through a HTTP request with an invalid Accept-Charset parameter which
leads to a NULL pointer.

The process will be restarted automatically within less than one minute
by the management service so an attacker needs to send the malformed
request at regular intervals for keeping the server down as much as he
desires.


#######################################################################

==========3) The Code
==========

http://aluigi.org/poc/remotelynowhere.txt 

  stunnel http_to_https.conf
  nc 127.0.0.1 80 -v -v < remotelynowhere.txt


#######################################################################

=====4) Fix
=====

No fix


#######################################################################


--- 
Luigi Auriemma
http://aluigi.org 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.