asusvsbugs.txt

asusvsbugs.txt: Posted Nov 3, 2005; Authored by Luigi Auriemma | Site aluigi.altervista.org; Asus Video Security versions 3.5.0.0 and below suffer from buffer overflow and directory traversal vulnerabilities.; tags | advisory, overflow, vulnerability; SHA-256 | 31c8cba4b6bbf8207d5d7b89377235207fbf0353115ece6b8e9383a5e563dd62; Download | Favorite | View

asusvsbugs.txt


#######################################################################

                             Luigi Auriemma

Application:  Asus Video Security
              http://www.asus.com/products1.aspx?l1=2&share=icon/12
Versions:     <= 3.5.0.0
              (the version number is chaotic, this one seems the most
              recent but doesn't exist an official website with the
              latest updates and Asus didn't reply to me)
Platforms:    Windows
Bugs:         A] authorization buffer-overflow
              B] directory traversal
Exploitation: remote
Date:         02 Nov 2005
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    http://aluigi.altervista.org


#######################################################################


1) Introduction
2) Bugs
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


Asus Video Security is a monitoring software bundled with Asus graphic
cards.
By default the built-in web server is disabled so these bugs can be
exploited "only" if it has been manually activated.


#######################################################################

=======
2) Bugs
=======

--------------------------------
A] authorization buffer-overflow
--------------------------------

Exists a buffer-overflow which happens during the handling of the
decoded (base64) username:password string sent to a password protected
ASUS Video Security web server.
The server is not vulnerable if doesn't use authorization.


----------------------
B] directory traversal
----------------------

The built-in web server is also vulnerable to a classical directory
traversal bug which allows an attacker to download any file in the disk
where the program is installed.
That's possible through the usage of the dot-dot-slash and backslash
patterns (HTTP encoded chars are not allowed in the web server).
If the server is protected with password the attacker must know the
right keyword.


#######################################################################

===========
3) The Code
===========


http://aluigi.altervista.org/poc/asusvsbugs.zip


#######################################################################

======
4) Fix
======


No fix.
No reply from the vendor.


#######################################################################


--- 
Luigi Auriemma 
http://aluigi.altervista.org

Top Authors In Last 30 Days

Red Hat 233 files
Ubuntu 87 files
Gentoo 31 files
Debian 20 files
tmrswrr 9 files
Sina Kheirkhah 7 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
Jerry Thomas 2 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,081)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,414)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,315)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,668)
UNIX (9,427)
UnixWare (187)
Windows (6,666)
Other

asusvsbugs.txt

asusvsbugs.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

asusvsbugs.txt

Share This

asusvsbugs.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems