Vulnerabilities > CVE-2004-1892 - Remote Buffer Overflow vulnerability in Emule 0.42D

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
emule
nessus
exploit available
NVD
Published: 2004-12-31
Updated: 2017-07-11

Summary

Stack-based buffer overflow in DecodeBase16 function, as used in the (1) IRC module and (2) web server in eMule 0.42d, allows remote attackers to execute arbitrary code via a long string.

Vulnerable Configurations

Part Description Count
Application
Emule
1

Exploit-Db

descriptioneMule. CVE-2004-1892. Remote exploit for windows platform
idEDB-ID:175
last seen2016-01-31
modified2004-04-12
published2004-04-12
reporterkingcope
sourcehttps://www.exploit-db.com/download/175/
titleeMule <= 0.42d IRC Remote Buffer Overflow Exploit

Nessus

NASL familyPeer-To-Peer File Sharing
NASL idEMULE_HTTP_FLAWS.NASL
descriptionAccording to its version, the eMule Web Server listening on this port contains a buffer overflow vulnerability in the
last seen2020-06-01
modified2020-06-02
plugin id42833
published2009-11-17
reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/42833
titleeMule IRC Module / Web Server DecodeBase16 Function Remote Overflow
code
#
# (C) Tenable NetworkSecurity, Inc.
#

include("compat.inc");

if(description)
{
  script_id(42833);
  script_version ("1.7");

  script_cve_id("CVE-2004-1892");
  script_bugtraq_id(10039);
 
  script_name(english:"eMule IRC Module / Web Server DecodeBase16 Function Remote Overflow");
  script_summary(english:"Checks version saved in the KB");
 
  script_set_attribute(attribute:"synopsis", value:
"Arbitrary code may be run on this host." );
  script_set_attribute(attribute:"description", value:
"According to its version, the eMule Web Server listening on this port
contains a buffer overflow vulnerability in the 'DecodeBase16'
function due to a lack of length checks on its inputs.  An anonymous
remote attacker may be able to leverage this issue to execute
arbitrary code on the affected host." );
  script_set_attribute(attribute:"see_also", value:"http://security.nnov.ru/search/news.asp?binid=3572" );
  script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=108100987429960&w=2" );
  script_set_attribute(attribute:"solution", value:
"Either upgrade to eMule version 0.42e or later, do not use the eMule
web server and IRC client, or uninstall eMule." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"plugin_publication_date", value: "2009/11/17");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/04/05");
 script_cvs_date("Date: 2018/11/15 20:50:24");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); 
  script_family(english:"Peer-To-Peer File Sharing");
  script_dependencies("eMuleWebServer_detect.nasl");
  script_require_ports("Services/www", 4711);
  exit(0);
}

include("global_settings.inc");

a = get_kb_list("www/*/eMule");
if (isnull(a)) exit(0);

foreach k (keys(a))
{
  v = eregmatch(string: k, pattern: "www/([0-9]+)/eMule");
  if (isnull(v)) continue;
  port = int(v[1]);
  ver = a[k];
  if (ver =~ "^0\.(30e|42[a-d])$") security_hole(port);
}

References