Vulnerability ID 4143

Shemes GrabIt up to 1.7.2 ßeta 4 NZB Date Parser NZB File denial of service

CVSSv3 Temp ScoreCurrent Exploit Price (≈)
5.0$0-$1k

A vulnerability, which was classified as problematic, was found in Shemes GrabIt up to 1.7.2 ßeta 4. This affects an unknown function of the component NZB Date Parser. The manipulation of the argument date with the input value 1000000000000000 leads to a denial of service vulnerability. This is going to have an impact on availability.

The bug was discovered 02/20/2010. The weakness was presented 07/08/2010 by Marc Ruef with scip AG as VulDB 4143 as bulletin (Website). The advisory is shared for download at scip.ch. The public release was coordinated in cooperation with Shemes. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details and a public exploit are known. During the import of the malicious nzb file the application will freeze. Further interaction with the software is not possible anymore. Ongoing downloads will be corrupted or lost. It is required to kill the process and to re-launch the application.

A public exploit has been developed by Marc Ruef in NZB File and been published immediately after the advisory. It is declared as proof-of-concept. The exploit is shared for download at scip.ch. The vulnerability was handled as a non-public zero-day exploit for at least 138 days. During that time the estimated underground price was around $0-$1k.

Upgrading eliminates this vulnerability. The upgrade is hosted for download at shemes.com. The problem might be mitigated by replacing the product with SABnzbd as an alternative. The best possible mitigation is suggested to be establishing an alternative product.

The vulnerability is also documented in the vulnerability database at SecurityFocus (BID 41505). Further details are available at seclists.org.

CVSSv3

Base Score: 5.3 [?]
Temp Score: 5.0 [?]
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:U/RC:X [?]
Reliability: High

CVSSv2

Base Score: 5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P) [?]
Temp Score: 4.5 (CVSS2#E:POC/RL:U/RC:ND) [?]
Reliability: High

AVACAuCIA
LHMNNN
AMSPPP
NLNCCC
VectorComplexityAuthenticationConfidentialityIntegrityAvailability
LocalHighMultipleNoneNoneNone
AdjacentMediumSinglePartialPartialPartial
NetworkLowNoneCompleteCompleteComplete

CPE

Exploiting

Class: Denial of service
Local: No
Remote: Yes

Availability: Yes
Access: Public
Status: Proof-of-Concept
Reliability: 90%
Programming Language: NZB File
Author: Marc Ruef
Download: scip.ch

Current Price Estimation: $0-$1k (0-day) / $0-$1k (Today)

0-Day$0-$1k$1k-$2k$2k-$5k$5k-$10k$10k-$25k$25k-$50k$50k-$100k$100k-$500k
Today$0-$1k$1k-$2k$2k-$5k$5k-$10k$10k-$25k$25k-$50k$50k-$100k$100k-$500k

Countermeasures

Recommended: Alternative
Status: Not available
0-Day Time: 138 days since found
Exploit Delay Time: 0 days since known

Upgrade: shemes.com
Alternative: SABnzbd

Timeline

02/20/2010 Vulnerability found
02/21/2010 +1 days Vendor informed
02/21/2010 +0 days Vendor acknowledged
07/08/2010 +137 days Advisory disclosed
07/08/2010 +0 days Exploit disclosed
07/08/2010 +0 days VulDB entry created
07/08/2010 +0 days SecurityFocus entry assigned
12/03/2015 +1974 days VulDB entry updated

Sources

Advisory: VulDB 4143
Researcher: Marc Ruef
Organization: scip AG
Coordinated: Yes
SecurityFocus: 41505 - Grabit Date Field Denial of Service Vulnerability

Misc.: seclists.org

Entry

Created: 07/08/2010
Updated: 12/03/2015
Entry: 94.4% complete