CVE-2008-0767

ExtremeZ-IP File and Print Server < 5.1.2 - Denial of Service via SLP Packet Length Mismatch

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0767. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary The provided text describes vulnerabilities in ExtremeZ-IP File and Print servers, including DoS and information disclosure issues. It references a security advisory but does not contain actual exploit code.

Description

ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier does not verify that a certain "number of URLs" field is consistent with the packet length, which allows remote attackers to cause a denial of service (daemon crash) via a large integer in this field in a packet to the Service Location Protocol (SLP) service on UDP port 427, triggering an out-of-bounds read.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Luigi Auriemma · textremotehardware

https://www.exploit-db.com/exploits/31132

View Code ZIP pw:eip

The provided text describes vulnerabilities in ExtremeZ-IP File and Print servers, including DoS and information disclosure issues. It references a security advisory but does not contain actual exploit code.

Classification

Writeup 90%

Attack Type

Dos | Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: ExtremeZ-IP File Server prior to 5.1.2x15 and ExtremeZ-IP Print Server prior to 5.1.2x15

No auth needed

Prerequisites: Network access to the target server

MITRE ATT&CK