Shemes GrabIt up to 1.7.2 ßeta 4 NZB Date Parser NZB File denial of service
|CVSSv3 Temp Score||Current Exploit Price (≈)|
A vulnerability, which was classified as problematic, was found in Shemes GrabIt up to 1.7.2 ßeta 4. This affects an unknown function of the component NZB Date Parser. The manipulation of the argument
date with the input value
1000000000000000 leads to a denial of service vulnerability. This is going to have an impact on availability.
The bug was discovered 02/20/2010. The weakness was presented 07/08/2010 by Marc Ruef with scip AG as VulDB 4143 as bulletin (Website). The advisory is shared for download at scip.ch. The public release was coordinated in cooperation with Shemes. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details and a public exploit are known. During the import of the malicious nzb file the application will freeze. Further interaction with the software is not possible anymore. Ongoing downloads will be corrupted or lost. It is required to kill the process and to re-launch the application.
A public exploit has been developed by Marc Ruef in NZB File and been published immediately after the advisory. It is declared as proof-of-concept. The exploit is shared for download at scip.ch. The vulnerability was handled as a non-public zero-day exploit for at least 138 days. During that time the estimated underground price was around $0-$1k.
Upgrading eliminates this vulnerability. The upgrade is hosted for download at shemes.com. The problem might be mitigated by replacing the product with SABnzbd as an alternative. The best possible mitigation is suggested to be establishing an alternative product.
CVSSv3Base Score: 5.3 [?]
Temp Score: 5.0 [?]
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:U/RC:X [?]
CVSSv2Base Score: 5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P) [?]
Temp Score: 4.5 (CVSS2#E:POC/RL:U/RC:ND) [?]
ExploitingClass: Denial of service
Programming Language: NZB File
Author: Marc Ruef
Current Price Estimation: $0-$1k (0-day) / $0-$1k (Today)
Status: Not available
0-Day Time: 138 days since found
Exploit Delay Time: 0 days since known
Timeline02/20/2010 Vulnerability found
02/21/2010 +1 days Vendor informed
02/21/2010 +0 days Vendor acknowledged
07/08/2010 +137 days Advisory disclosed
07/08/2010 +0 days Exploit disclosed
07/08/2010 +0 days VulDB entry created
07/08/2010 +0 days SecurityFocus entry assigned
12/03/2015 +1974 days VulDB entry updated
SourcesAdvisory: VulDB 4143
Researcher: Marc Ruef
Organization: scip AG
SecurityFocus: 41505 - Grabit Date Field Denial of Service Vulnerability
Entry: 94.4% complete