Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 20 Aug 2015 22:15:19 -0600
From: Kurt Seifried <>
To: oss-security <>
Subject: CVE-2015-5185 sblim-sfcb: lookupProviders() null pointer dereference

So the reporter specifically asked us to handle disclosure just now, so
here you go:

Qinghao Tang of QIHU 360 reports:

The function lookupProviders() in sblim-sfcb of version 1.3.4 and 1.3.18
exists a null dereference vulnerability , a remote attacher can cause a
denial of servise (sblim-sfcb crash) via a crafted packet without
"className" info.

Let`s see how this issue happened,the code below is from
./sblim-sfcb-1.3.18/providerMgr.c :

static UtilList *lookupProviders(long type, char *className, char
CMPIStatus *st)
UtilList *lst;
UtilHashTable **ht=provHt(type,1);
char *id;
int rc;


//here, className should be checked



Red Hat BZ:


Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact:

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ