websasebo.blogg.se

Dameware mini remote control server uninstall











Dameware Mini Remote Control (MRC) is a remote administration utility allowing remote access to end user devices for a variety of purposes. You can often find it among the plethora of toolkits used by system administrators managing the IT infrastructure in organisations. Having recently completed my OSCE and looking to use some of the skills I picked up there in the real world, I found a local buffer overflow vulnerability in the latest version (at the time of writing) for Dameware MRC (12.0.5) and it has been assigned CVE-2018-12897. This vulnerability is due to insecure handling of a user input buffer which ultimately allows for overwriting Structured Exception Handler (SEH) addresses and the subsequent hijacking of execution flow.

Below is a video demonstration of exploitation for proof of concept of this vulnerability.

SolarWinds have been contacted about this issue, have acknowledged it, and have released a version which reportedly contains the fix for the vulnerability, version 12.1. However, at the time of writing, this version doesn’t appear to be available from the customer portal and if you are affected by this issue, it is recommended that you request it directly from customer support.

One of the windows (AMT Settings) within the GUI has several input fields. The majority of these fields lack appropriate input sanitization, leading to crashes when entering a large amount of input (more than 3,000 characters). However, for the proof of concept, only one of these fields was used: the “Host” field under the SOCKS Proxy Settings.

As a simple test for this vulnerability, a large number of characters can be entered into the field to observe the results. Sometimes it may be necessary to fuzz input fields and parameters, an automated process of entering varying amounts of different characters in sequence in an attempt to identify unexpected behaviour; however, this was not the case in this instance. Simply using a large number of A’s (over 2000) or any other character would result in the application terminating unexpectedly.











