Need solution and mitigation techniques for memory exploit attack signatures.

I need a solution

Hi Guys,

Recently, a couple of IPS signatures were triggered, as shown below:

Memory Exploit Attack: Memory Heap Spray detected for legit MS file : C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Attack: Structured Exception Handler Overwrite for file ccSvcHst.exe under path C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3929.1200.105\Bin\ccSvcHst.exe.

We also have the Symantec ATP Endpoint solution, through which we receive incidents for these signatures. Upon checking, both files are legit and did not experience any application crash or anything.

We are wondering how to handle memory exploit attacks in terms of handling, mitigation and action. Can any expert guide me with links and a process for handling this? Were there any FP alerts reported for legit files before?

Thanks,


Related:

ccSvcHst.exe crash – Symantec Framework error

I need a solution

I have been seeing this error repeatedly on a single server in our environment. The SEP icon is not showing in the taskbar, but I can open the client (from the All Programs menu) and it opens without issue. I’ve checked the SEPM and it appears as online and fully updated. However, this error re-occurs about once a day. 

Error message below:

Problem signature:
  Problem Event Name:    APPCRASH
  Application Name:    ccSvcHst.exe
  Application Version:    12.12.4.12
  Application Timestamp:    599f4250
  Fault Module Name:    ntdll.dll
  Fault Module Version:    6.3.9600.18895
  Fault Module Timestamp:    5a4b127e
  Exception Code:    c0000022
  Exception Offset:    0009d4e2
  OS Version:    6.3.9600.2.0.0.272.7

Read our privacy statement online:
  http://go.microsoft.com/fwlink/?linkid=280262

If the online privacy statement is not available, please read our privacy statement offline:
  C:\WINDOWS\system32\en-US\erofflps.txt


Related:

Can’t install App Layering Agent, “System.MissingMethodException”

The Citrix Agent install fails because the Agent won't start. Windows says there was a timeout waiting for the service, but in reality it immediately crashes with a .Net error in the Windows Application event log.

Application Log events:

Log Name: Application
Source: Application Error
Date: 5/31/2018 4:10:15 PM
Event ID: 1000
Task Category: Application Crashing Events
Level: Error
Keywords: Classic
User: N/A
Computer: ComputerName
Description:
Faulting application name: Citrix.AppLayering.Agent.Service.exe, version: 4.10.0.14606, time stamp: 0x5aafec57
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18895, time stamp: 0x5a4b1cf7
Exception code: 0xe0434352
Fault offset: 0x00000000000092fc
Faulting process id: 0x8024
Faulting application start time: 0x01d3f91b5a5c5df7
Faulting application path: C:\Program Files (x86)\Citrix\Agent\Citrix.AppLayering.Agent.Service.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: a15b981a-650e-11e8-80ed-005056aa2ca7

Log Name: Application
Source: .NET Runtime
Date: 5/31/2018 4:10:00 PM
Event ID: 1026
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: ComputerName
Description:
Application: Citrix.AppLayering.Agent.Service.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.MissingMethodException
   at Castle.Facilities.WcfIntegration.WcfBehaviorActivator..ctor(Castle.Core.ComponentModel, Castle.MicroKernel.IKernel, Castle.MicroKernel.ComponentInstanceDelegate, Castle.MicroKernel.ComponentInstanceDelegate)
   at DynamicClass.lambda_method(System.Runtime.CompilerServices.Closure, System.Object[])
   at Castle.Core.Internal.ReflectionUtil.Instantiate(System.Reflection.ConstructorInfo, System.Object[])
   at Castle.Core.Internal.ReflectionUtil.Instantiate[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Type, System.Object[])
   at Castle.MicroKernel.DefaultKernel.CreateComponentActivator(Castle.Core.ComponentModel)
Exception Info: Castle.MicroKernel.KernelException
   at Castle.MicroKernel.DefaultKernel.CreateComponentActivator(Castle.Core.ComponentModel)
   at Castle.MicroKernel.Handlers.DefaultHandler.InitDependencies()
   at Castle.MicroKernel.Handlers.AbstractHandler.Init(Castle.MicroKernel.IKernelInternal)
   at Castle.MicroKernel.Handlers.DefaultHandlerFactory.Create(Castle.Core.ComponentModel)
   at Castle.MicroKernel.DefaultKernel.AddCustomComponent(Castle.Core.ComponentModel)
   at Castle.MicroKernel.DefaultKernel.Register(Castle.MicroKernel.Registration.IRegistration[])
   at Castle.Windsor.WindsorContainer.Register(Castle.MicroKernel.Registration.IRegistration[])
   at Castle.Windsor.Installer.AssemblyInstaller.Install(Castle.Windsor.IWindsorContainer, Castle.MicroKernel.SubSystems.Configuration.IConfigurationStore)
   at Castle.Windsor.WindsorContainer.Install(Castle.MicroKernel.Registration.IWindsorInstaller[], Castle.Windsor.Installer.DefaultComponentInstaller)
   at Castle.Windsor.WindsorContainer.Install(Castle.MicroKernel.Registration.IWindsorInstaller[])
   at Citrix.AppLayering.Agent.Service.Program.ConfigureWindsorForService()
   at Citrix.AppLayering.Agent.Service.Program.Main(System.String[])

Related:

SEP 14.2 crashes

I need a solution

We have started testing SEP 14.2 and on at least two of our Windows 10 machines we see that the SEP service crashes right after boot.

We have tried uninstalling all features except AV and the problem still persists.

If we are quick we are able to open the SEP GUI right after boot before it crashes. It will then be green until it turns red and malfunctions.
At this point the SEPmaster service stops and we can't open the GUI.

Anyone else experiencing this problem?

The environment is enrolled into the cloud.

Torb


Related:

7022943: Attachmate.Emulation.Frame.EXE experiences crash on load when .NET machine.config file has malformed XML

The Attachmate.Emulation.Frame.EXE from Reflection Desktop 16 can crash on load when the .NET machine.config file contains malformed XML. The IBM ACCESS application for .NET can corrupt the .NET configuration file named "machine.config", as noted in the following link.

http://www-01.ibm.com/support/docview.wss?uid=nas8N1012022

When the Attachmate.Emulation.Frame.EXE from Reflection Desktop 16 then loads, the .NET framework raises an exception while parsing the file, the exception is passed to the Reflection Desktop software, and the Reflection Workspace crashes with the following errors:

First error that appears:

Faulting application name: Attachmate.Emulation.Frame.exe, version: 16.0.209.0, time stamp: 0x561cc4a5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.19110, time stamp: 0x56842600
Exception code: 0xe0434352
Fault offset: 0x0000c42d
Faulting process id: 0xeb4
Faulting application start time: 0x01d15ed2aa44d69a
Faulting application path: C:\Program Files (x86)\Micro Focus\Reflection\Attachmate.Emulation.Frame.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll

Second error:

Application: Attachmate.Emulation.Frame.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Xml.XmlException
   at System.Xml.XmlTextReaderImpl.Throw(System.Exception)
   at System.Xml.XmlTextReaderImpl.Throw(System.String, System.String[])
   at System.Xml.XmlTextReaderImpl.ThrowTagMismatch(NodeData)
   at System.Xml.XmlTextReaderImpl.ParseEndElement()
   at System.Xml.XmlTextReaderImpl.ParseElementContent()
   at System.Xml.XmlTextReaderImpl.Read()
   at System.Xml.XmlTextReader.Read()
   at System.Xml.XmlTextReaderImpl.Skip()
   at System.Xml.XmlTextReader.Skip()
   at System.Configuration.XmlUtil.StrictSkipToNextElement(System.Configuration.ExceptionAction)
   at System.Configuration.BaseConfigurationRecord.ScanSectionsRecursive(System.Configuration.XmlUtil, System.String, Boolean, System.String, System.Configuration.OverrideModeSetting, Boolean)
   at System.Configuration.BaseConfigurationRecord.ScanSections(System.Configuration.XmlUtil)
   at System.Configuration.BaseConfigurationRecord.InitConfigFromFile()
Exception Info: System.Configuration.ConfigurationErrorsException
   at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean)
   at System.Configuration.BaseConfigurationRecord.ThrowIfParseErrors(System.Configuration.ConfigurationSchemaErrors)
   at System.Configuration.BaseConfigurationRecord.ThrowIfInitErrors()
   at System.Configuration.ClientConfigurationSystem.EnsureInit(System.String)
Exception Info: System.Configuration.ConfigurationErrorsException
   at System.Configuration.ConfigurationManager.PrepareConfigSystem()
   at System.Configuration.ConfigurationManager.GetSection(System.String)
   at System.Configuration.PrivilegedConfigurationManager.GetSection(System.String)
   at System.Diagnostics.DiagnosticsConfiguration.Initialize()
   at System.Diagnostics.DiagnosticsConfiguration.get_SwitchSettings()
   at System.Diagnostics.Switch.InitializeConfigSettings()
   at System.Diagnostics.Switch.InitializeWithStatus()
   at System.Diagnostics.Switch.get_SwitchSetting()
   at Attachmate.Utilities.ProfileTrace.WriteLine(System.Object, System.String)
   at Attachmate.Emulation.Frame.FrameApplication..ctor()
   at Attachmate.Emulation.Frame.Program.Main()
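The trace above ends in ThrowTagMismatch because the framework parses machine.config at process start; a well-formedness check run beforehand finds the same corruption without crashing any application. The script below is an added example, not part of the KB article: the machine.config locations are assumed .NET 4.x defaults, and the two sample documents are constructed.

```python
"""Added example (not from the KB article): check .NET machine.config files
for well-formed XML before an app hits the XmlException shown above.
Paths are assumed .NET 4.x defaults; sample documents are constructed."""
import os
import xml.parsers.expat as expat

# Assumed default machine.config locations for .NET 4.x on 64-bit Windows.
MACHINE_CONFIG_PATHS = [
    r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config",
    r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config",
]

def check_xml(data):
    """Return None if data is well-formed XML, else (line, column, message)."""
    parser = expat.ParserCreate()
    try:
        parser.Parse(data, True)  # True: this is the final (only) chunk
    except expat.ExpatError as exc:
        return (exc.lineno, exc.offset, expat.ErrorString(exc.code))
    return None

def scan(paths=MACHINE_CONFIG_PATHS):
    """Map each existing path to its check_xml() result; skip missing files."""
    results = {}
    for path in paths:
        if os.path.isfile(path):
            with open(path, "rb") as fh:
                results[path] = check_xml(fh.read())
    return results

# Constructed samples: a minimal valid config and one with a mismatched end
# tag, the kind of damage that produces ThrowTagMismatch in the trace above.
GOOD_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.diagnostics>
    <sources />
  </system.diagnostic>
</configuration>
""".replace("</system.diagnostic>", "</system.diagnostics>")
BAD_CONFIG = GOOD_CONFIG.replace("</system.diagnostics>", "</system.diagnostic>")

if __name__ == "__main__":
    for name, doc in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        print(name, check_xml(doc))
    for path, result in scan().items():
        print(path, "OK" if result is None else "MALFORMED %r" % (result,))
```

On a non-Windows host scan() returns an empty dict because none of the assumed paths exist; pass your own list of paths to check other config files.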

Related:

14.0.1 Hot Fix 2 Still Crashing on Remote Connection

I need a solution

After applying hotfix 1 for the “Product Error Requires Attention” on some of my machines, I noticed using Bomgar to remote into clients would cause the crash as described here:

https://support.symantec.com/en_US/article.TECH248…

I applied the new hotfix today and SEP still crashes when remoting into the machine, but this time without a popup. The GUI will crash and all the services will then stop and then restart.

I have a case in, but the engineer is telling me the only way to roll back is to uninstall (using cleanwipe) from all the machines I’ve updated and then re-install fresh. (Case 13986722). Are there any other answers for me?

