[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Rocket Software UniData <= 7.2.7.3806 Denial of Service Vulnerabilities
# Published : 2010-10-15
# Author : Luigi Auriemma
# Previous Title : IBM solidDB <= 6.5.0.3 Denial of Service Vulnerability
# Next Title : DATAC RealWin <= 2.0 (Build 6.1.8.10) Buffer Overflow Vulnerabilities
Source: http://aluigi.org/adv/unirpcd_1-adv.txt
#######################################################################
Luigi Auriemma
Application: Rocket Software UniData
http://www.rocketsoftware.com/u2/products/unidata/
Versions: <= 7.2.7.3806
Platforms: Windows
Bugs: various Denial of Service vulnerabilities in unirpcd.exe
Exploitation: remote, versus server
Date: 15 Oct 2010
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
web: aluigi.org
#######################################################################
1) Introduction
2) Bugs
3) The Code
4) Fix
#######################################################################
===============
1) Introduction
===============
"UniData? is an extended relational data server ideal for embedding in
a variety of industry-focused solutions."
#######################################################################
=======
2) Bugs
=======
The unirpc service listening on port 31438 is affected by various
Denial of Service vulnerabilities regarding the access of invalid zones
of memory.
Although the first vulnerability is a memory corruption problem where
the program calls recv() using a heap buffer and a huge amount of data
to copy (like 0x7fffffe8, decided by the attacker) in my tests it
didn't result exploitable.
#######################################################################
===========
3) The Code
===========
http://aluigi.org/poc/unirpcd_1.zip
http://www.exploit-db.com/sploits/unirpcd_1.zip
#######################################################################
======
4) Fix
======
No fix.
#######################################################################