Описание
An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sync" client application listening on port 8888 can send a malicious payload causing a buffer overflow condition. This will result in an attacker controlling the program's execution flow and allowing arbitrary code execution.
An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sync" client application listening on port 8888 can send a malicious payload causing a buffer overflow condition. This will result in an attacker controlling the program's execution flow and allowing arbitrary code execution.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2018-6892
- https://blogs.securiteam.com/index.php/archives/3669
- https://www.exploit-db.com/exploits/44027
- https://www.exploit-db.com/exploits/44175
- https://www.exploit-db.com/exploits/45197
- https://www.exploit-db.com/exploits/46250
- https://www.exploit-db.com/exploits/48840
- http://hyp3rlinx.altervista.org/advisories/CLOUDME-SYNC-UNAUTHENTICATED-REMOTE-BUFFER-OVERFLOW.txt
- http://packetstormsecurity.com/files/157407/CloudMe-1.11.2-Buffer-Overflow.html
- http://packetstormsecurity.com/files/158716/CloudMe-1.11.2-SEH-Buffer-Overflow.html
- http://packetstormsecurity.com/files/159327/CloudMe-1.11.2-Buffer-Overflow.html
Связанные уязвимости
An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sync" client application listening on port 8888 can send a malicious payload causing a buffer overflow condition. This will result in an attacker controlling the program's execution flow and allowing arbitrary code execution.