cnvd - cnvd-2017-05781

cnvd-2017-05781

Vulnerability from cnvd

Title

Dmitry栈缓冲区溢出漏洞

Description

DMitry（Deepmagic信息收集工具）是一种纯粹以C语言编码的UNIX/(GNU)Linux命令行程序，可以收集尽可能多的关于主机的信息。 DMitry（Deepmagic信息收集工具）存在栈缓存区溢出漏洞，攻击者可利用该漏洞通过长参数导致拒绝服务（应用程序崩溃）或造成其他影响。

Severity

高

Formal description

目前没有详细的解决方案提供： http://mor-pah.net/software/dmitry-deepmagic-information-gathering-tool/

Reference

https://packetstormsecurity.com/files/142210/Dmitry-1.3a-Local-Stack-Buffer-Overflow.html

Impacted products

Name
mor-pah.net Dmitry 1.3a

Show details on source website

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-7938"
    }
  },
  "description": "DMitry\uff08Deepmagic\u4fe1\u606f\u6536\u96c6\u5de5\u5177\uff09\u662f\u4e00\u79cd\u7eaf\u7cb9\u4ee5C\u8bed\u8a00\u7f16\u7801\u7684UNIX/(GNU)Linux\u547d\u4ee4\u884c\u7a0b\u5e8f\uff0c\u53ef\u4ee5\u6536\u96c6\u5c3d\u53ef\u80fd\u591a\u7684\u5173\u4e8e\u4e3b\u673a\u7684\u4fe1\u606f\u3002\r\n\r\nDMitry\uff08Deepmagic\u4fe1\u606f\u6536\u96c6\u5de5\u5177\uff09\u5b58\u5728\u6808\u7f13\u5b58\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u957f\u53c2\u6570\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\uff08\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\uff09\u6216\u9020\u6210\u5176\u4ed6\u5f71\u54cd\u3002",
  "discovererName": "Hosein Askari (FarazPajohan)",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttp://mor-pah.net/software/dmitry-deepmagic-information-gathering-tool/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-05781",
  "openTime": "2017-05-02",
  "products": {
    "product": "mor-pah.net Dmitry 1.3a"
  },
  "referenceLink": "https://packetstormsecurity.com/files/142210/Dmitry-1.3a-Local-Stack-Buffer-Overflow.html",
  "serverity": "\u9ad8",
  "submitTime": "2017-04-28",
  "title": "Dmitry\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2017-7938 (GCVE-0-2017-7938)

Vulnerability from cvelistv5

Published

2017-04-20 00:00

Modified

2024-08-05 16:19

Severity ?

6.6 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

CWE

n/a

Summary

Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long argument. An example threat model is automated execution of DMitry with hostname strings found in local log files.

References

URL

Tags

	https://packetstormsecurity.com/files/142210/Dmitry-1.3a-Local-Stack-Buffer-Overflow.html
	https://cxsecurity.com/issue/WLB-2017040113
	https://www.exploit-db.com/exploits/41898/	exploit
	https://github.com/jaygreig86/dmitry/pull/12

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 6.6,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2017-7938",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-30T13:28:46.775303Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T19:09:03.388Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "ADP Container"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:19:29.462Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://packetstormsecurity.com/files/142210/Dmitry-1.3a-Local-Stack-Buffer-Overflow.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cxsecurity.com/issue/WLB-2017040113"
          },
          {
            "name": "41898",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/41898/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/jaygreig86/dmitry/pull/12"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-04-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long argument. An example threat model is automated execution of DMitry with hostname strings found in local log files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-30T06:55:51.634917",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://packetstormsecurity.com/files/142210/Dmitry-1.3a-Local-Stack-Buffer-Overflow.html"
        },
        {
          "url": "https://cxsecurity.com/issue/WLB-2017040113"
        },
        {
          "name": "41898",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/41898/"
        },
        {
          "url": "https://github.com/jaygreig86/dmitry/pull/12"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-7938",
    "datePublished": "2017-04-20T00:00:00",
    "dateReserved": "2017-04-18T00:00:00",
    "dateUpdated": "2024-08-05T16:19:29.462Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.