Vulnerabilities > CVE-2004-2271 - Remote Buffer Overflow vulnerability in MiniShare Server

CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
minishare
nessus
exploit available
metasploit

Summary

Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.

Vulnerable Configurations

Part Description Count
Application
Minishare
1

Exploit-Db

  • description: Minishare 1.4.1 Buffer Overflow. CVE-2004-2271. Remote exploit for windows platform
    id: EDB-ID:16754
    last seen: 2016-02-02
    modified: 2010-05-09
    published: 2010-05-09
    reporter: metasploit
    source: https://www.exploit-db.com/download/16754/
    title: Minishare 1.4.1 - Buffer Overflow
  • description: MiniShare Remote Buffer Overflow Exploit (c source). CVE-2004-2271. Remote exploit for windows platform
    id: EDB-ID:636
    last seen: 2016-01-31
    modified: 2004-11-16
    published: 2004-11-16
    reporter: NoPh0BiA
    source: https://www.exploit-db.com/download/636/
    title: MiniShare 1.4.1 - Remote Buffer Overflow Exploit
  • description: MiniShare. CVE-2004-2271. Remote exploit for windows platform
    id: EDB-ID:616
    last seen: 2016-01-31
    modified: 2004-11-07
    published: 2004-11-07
    reporter: class101
    source: https://www.exploit-db.com/download/616/
    title: MiniShare <= 1.4.1 - Remote Buffer Overflow Exploit

Metasploit

description: This is a simple buffer overflow for the minishare web server. This flaw affects all versions prior to 1.4.2. This is a plain stack buffer overflow that requires a "jmp esp" to reach the payload, making this difficult to target many platforms at once. This module has been successfully tested against 1.4.1. Version 1.3.4 and below do not seem to be vulnerable.
id: MSF:EXPLOIT/WINDOWS/HTTP/MINISHARE_GET_OVERFLOW
last seen: 2020-06-01
modified: 2017-07-24
published: 2005-12-26
references:
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/http/minishare_get_overflow.rb
title: Minishare 1.4.1 Buffer Overflow

Nessus

NASL family: Web Servers
NASL id: MINISHARE_OVERFLOW.NASL
description: MiniShare 1.4.1 and prior versions are affected by a buffer overflow flaw. A remote attacker could execute arbitrary commands by sending a specially crafted file name in the GET request. Version 1.3.4 and below do not seem to be vulnerable.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 18424
published: 2005-06-06
reporter: This script is Copyright (C) 2005-2019 SensePost
source: https://www.tenable.com/plugins/nessus/18424
title: MiniShare Webserver HTTP GET Request Remote Overflow
code:
#
# written by Gareth Phillips - SensePost PTY ltd (www.sensepost.com)
#
# Changes by Tenable:
# - detect title to prevent false positives
# - fix version detection
# - added CVE xrefs.
# - revised plugin title, changed family, update output formatting (8/18/09)



include("compat.inc");

# Registration pass: the scanner loads the plugin once with `description`
# set, so this block only publishes metadata and exits before any network
# activity. The detection logic lives after the "Code Starts Here" marker.
if(description)
{
 script_id(18424);
 script_version ("1.24");
 # Cross-references for the flaw this plugin reports.
 script_cve_id("CVE-2004-2271");
 script_bugtraq_id (11620);

 script_name(english:"MiniShare Webserver HTTP GET Request Remote Overflow");

 script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by a remote buffer overflow 
vulnerability." );
 script_set_attribute(attribute:"description", value:
"MiniShare 1.4.1 and prior versions are affected by a buffer overflow 
flaw. A remote attacker could execute arbitrary commands by sending a
specially crafted file name in a the GET request.

Version 1.3.4 and below do not seem to be vulnerable." );
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2004/Nov/248" );
 script_set_attribute(attribute:"solution", value:
"Upgrade to MiniShare 1.4.2 or higher." );
 # CVSSv2 base vector: network, low complexity, no authentication, partial
 # confidentiality/integrity/availability impact. The temporal vector records
 # that a working exploit exists (E:H) and an official fix is available (RL:OF).
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"exploit_framework_core", value:"true");
 script_set_attribute(attribute:"exploited_by_malware", value:"true");
 script_set_attribute(attribute:"metasploit_name", value:'Minishare 1.4.1 Buffer Overflow');
 script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

 script_set_attribute(attribute:"plugin_publication_date", value: "2005/06/06");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/11/07");
 script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");
# Declared as a remote (over-the-network) plugin.
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();

 script_summary(english:"MiniShare webserver buffer overflows");
 # ACT_GATHER_INFO: the check only reads the server's index page and matches
 # the version string; the overflow itself is never triggered.
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2005-2020 SensePost");
 script_family(english:"Web Servers");
 # Presumably run after HTTP/service fingerprinting so the Services/www
 # KB entry consulted by script_require_ports is populated.
 script_dependencie("http_version.nasl", "find_service1.nasl", "no404.nasl");
 script_require_ports("Services/www", 80);
 exit(0);
}

#
# Code Starts Here
#

include("http_func.inc");
include("http_keepalive.inc");

# Banner-based check: fetch the server's index page and match the MiniShare
# version string it embeds. The overflow itself is never sent, so the verdict
# depends entirely on the stock MiniShare index page being served.
port = get_http_port(default:80, embedded:TRUE);
if (!get_port_state(port)) exit(0);

index_page = http_get_cache_ka(item:"/", port:port);

# No reply, or a page that is not the MiniShare index, is silently ignored
# to avoid false positives against other HTTP servers on the same port.
if (index_page == NULL || "<title>MiniShare</title>" >!< index_page) exit(0);

# Flags 1.3.4-1.3.9, any 1.3.x with a two-digit patch number, and 1.4.0/1.4.1.
# NOTE(review): the plugin description states that 1.3.4 and below do not
# seem to be vulnerable, yet [4-9] also matches 1.3.4 - confirm whether
# reporting 1.3.4 is intended or a false positive.
vuln_version = '<p class="versioninfo"><a href="http://minishare\\.sourceforge\\.net/">MiniShare 1\\.(3\\.([4-9][^0-9]|[0-9][0-9])|4\\.[0-1][^0-9])';
if (egrep(string:index_page, pattern:vuln_version)) security_hole(port);

Packetstorm