VulDB: Shemes GrabIt up to 1.7.2 ßeta 4 NZB Date Parser NZB File denial of service
General
scipID: 4143
Affected: Shemes GrabIt up to 1.7.2 ßeta 4
Published: 07/08/2010 (Marc Ruef)
Risk: 
problematic
Entry: 100% complete
Created: 07/08/2010
Updated: 07/10/2012
Summary
A vulnerability, which was classified as problematic, was found in Shemes GrabIt up to 1.7.2 ßeta 4. This affects an unknown function of the component NZB Date Parser. The manipulation of the argument date with the input value 1000000000000000 leads to a denial of service vulnerability. This is going to have an impact on availability.
The bug was discovered 02/20/2010. The weakness was presented 07/08/2010 by Marc Ruef with scip AG as VulDB 4143 as bulletin (Website). The advisory is shared for download at scip.ch. The public release was coordinated in cooperation with Shemes. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details and a public exploit are known. During the import of the malicious nzb file the application will freeze. Further interaction with the software is not possible anymore. Ongoing downloads will be corrupted or lost. It is required to kill the process and to re-launch the application.
An exploit has been developed by Marc Ruef in NZB File and been published immediately after the advisory. It is declared as proof-of-concept. The exploit is shared for download at scip.ch. The vulnerability was handled as a non-public zero-day exploit for at least 138 days.
Upgrading eliminates this vulnerability. The upgrade is hosted for download at shemes.com. The problem might be mitigated by replacing the product with SABnzbd as an alternative. The best possible mitigation is suggested to be establishing an alternative product. The vulnerability is also documented in the vulnerability database at SecurityFocus (BID 41505). Further details are available at seclists.org.CVSS
Base Score: 5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P) [?]
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Local | High | Multiple | None | None | None |
| Adjacent | Medium | Single | Partial | Partial | Partial |
| Network | Low | None | Complete | Complete | Complete |
Exploiting
Class: Denial of service
Local: No
Remote: Yes
Availability: Yes
Access: Public
Status: Proof-of-Concept
Reliability: 90%
Programming Language: NZB File
Author: Marc Ruef
Download: scip.ch
Countermeasures
Recommended: Alternative
0-Day Time: 138 days since found
Exploit Delay Time: 0 days since known
Upgrade: shemes.com
Alternative: SABnzbd
Timeline
02/20/2010 | Vulnerability found
02/21/2010 | Vendor informed
02/21/2010 | Vendor acknowledged
07/08/2010 | Advisory disclosed
07/08/2010 | Exploit disclosed
07/08/2010 | VulDB entry created
07/10/2012 | VulDB entry updated
Sources
Advisory: VulDB 4143
Researcher: Marc Ruef
Company: scip AG
Coordinated: Yes
SecurityFocus: 41505
Misc.: seclists.org
- Latest Entries
- EMC RSA Authentication API Encryption Key information disclosure
- Cisco Secure Access Control System Web Interface weak authentication
- Python ssl.match_hostname() denial of service
- Mozilla Firefox/Thunderbird nsContentUtils::RemoveScriptBlocker buffer overflow
- Mozilla Firefox/Thunderbird nsFrameList::FirstChild buffer overflow
- Statistics
- Archive
