DDIVRT-2008-11 BadBlue uninst.exe DoS
Medium
March 5th 2008
Digital Defense, Inc. Vulnerability Research Team
Credit: Steven James and r@b13$
BadBlue is a web server used for peer-to-peer file sharing. By default, several executable files are
stored in the web root: badblue.exe, uninst.exe, and dyndns.exe. Executable files stored in the web
root of BadBlue can be launched remotely by any user. This can be leveraged to create a DoS condition
by repeatedly invoking the uninst.exe executable. Due to the fact that BadBlue has not released a
patch for the previously documented directory traversal vulnerability (CVE 2007-6378), an attacker may
utilize these two flaws in conjunction to place a malicious executable in the web root and compromise
a vulnerable server.
Restrict access to the executables already in the web root (badblue.exe, uninst.exe, and dyndns.exe)
and take steps to ensure that users cannot write files to the web root.
BadBlue Personal Edition version 2.72 has been tested on Windows XP and Windows Server 2003. Other
versions and systems are assumed to be vulnerable.
Vendor Name: BadBlue
Vendor Website: www.badblue.com