Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 31 Jan 2014 12:08:01 +0100
From: Michael Kromer <m.kromer@...afa.com>
To: oss-security@...ts.openwall.com
  <oss-security@...ts.openwall.com>
Cc: Robert Scheck <robert@...oraproject.org>, 
 Robert Scheck <robert.scheck@...s.de>, 
 secalert@...hat.com <secalert@...hat.com>
Subject: Security Flaw CVE-2014-0037

CVE-2014-0037

Affected product: Zarafa Collaboration Platform <= 7.1.7

Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Complete

A flaw in Zarafa has been discovered that allows a remote unauthenticated attacker to crash the zarafa-server daemon with a segmentation fault, preventing access to any other legitimate Zarafa users. This flaw has been fixed beginning with the release of Zarafa 7.1.8 beta2 ( http://download.zarafa.com/community/beta/7.1/7.1.8beta2-43059/ ). We encourage any users of Zarafa to update to this new version or apply the patch supplied below.

Zarafa would like to thank Robert Scheck from ETES (http://www.etes.de) for discovering and reporting this issue.

Index: provider/libserver/ECSession.cpp
===================================================================
diff -u -N -r41872 -r42919
--- provider/libserver/ECSession.cpp	(.../ECSession.cpp)	(revision 41872)
+++ provider/libserver/ECSession.cpp	(.../ECSession.cpp)	(revision 42919)
@@ -846,6 +846,13 @@
 {
 	ECRESULT er = erSuccess;
 	
+	if (!lpszName)
+	{
+		// Commandment 2: Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end.
+		m_lpSessionManager->GetLogger()->Log(EC_LOGLEVEL_FATAL, "Invalid argument lpszName in call to ECAuthSession::ValidateUserLogon()");
+		er = ZARAFA_E_INVALID_PARAMETER;
+		goto exit;
+	}
 	// SYSTEM can't login with user/pass
 	if(stricmp(lpszName, ZARAFA_ACCOUNT_SYSTEM) == 0) {
 		er = ZARAFA_E_NO_ACCESS;
@@ -888,6 +895,12 @@
 	char			*localAdminUsers = NULL;
 #endif
 
+	if (!lpszName)
+	{
+		m_lpSessionManager->GetLogger()->Log(EC_LOGLEVEL_FATAL, "Invalid argument lpszName in call to ECAuthSession::ValidateUserSocket()");
+		er = ZARAFA_E_INVALID_PARAMETER;
+		goto exit;
+	}
 	p = m_lpSessionManager->GetConfig()->GetSetting("allow_local_users");
 	if (p && !stricmp(p, "yes")) {
 		allowLocalUsers = true;


--
Mit freundlichen Grüßen,
Best regards,
Met vriendelijke groet,
Sincèrement,
Cordiali saluti,
Atentamente,

Michael Kromer
VP Products & Architecture

[T] +49 179 9300840
[E] m.kromer@...afa.com
------------------------------------------------- 
Zarafa: Open - Compatible - Enterprise

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ