Title:
[Kil13r-SA-20060605] Syworks SafeNET Policy File Vulnerability
Author:
Kil13r - http://www.kil13r.info/
Local / Remote:
Local
Timeline:
2006/04/18 - Discovery
2006/06/05 - Release
Affected version:
All version of Syworks SafeNET
Not affected version:
In this time, none
Description:
Syworks SafeNET is network resource protection solution which organized by client/server, but that has serious vulnerability.
It has client policy file that can be modified by end user.
In file of policy.dat
08h to 16h: Ascii value of Syworks SafeNET server address
18h: The switch of Syworks SafeNET client (On: 0x01, Off: 0x00)
1ch to 1dh: ICMP limit (0x0000 to 0xFFFF)
20h to 21h: Broadcast limit (0x0000 to 0xFFFF)
24h to 25h: Session limit (0x0000 to 0xFFFF)
28h: Session limit violation allowed time (0x00 to 0xFF)
2ah: The switch which blocking continuous violation (On: 0x01, Off: 0x00)
2ch: Continuous violation allowed time (0x00 to 0xFF)
2fh: The switch which warning continuous violation (On: 0x01, Off: 0x00)
31h: The switch which disallowing Syworks SafeNET client termination by end user (On: 0x01, Off: 0x00)
33h: The switch which disallowing Syworks SafeNET client icon in tray (On: 0x01, Off: 0x00)
3eh to 41h: Problem autoreport interval (0x00000000 to 0xFFFFFFFF)
If attacker modify client policy file, attacker can consume all of network resource.
Proof of Concept code:
None
Proof of Concept example:
None
Proof of Concept screenshot:
None
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum