Advisory : CORELAN-10-022
Reference : CVE-2010-1316
Disclosure date : April 8th, 2010
http://www.corelan.be:8800/adv…..LAN-10-022
00 : Vulnerability information
Product : Tembria Server Monitor
Version : 5.6.0
Vendor : Don Leclair / tembria.com
URL : http://www.tembria.com/download/
Platform : Windows
Type of vulnerability : Stack overflow
Risk rating : Medium
Issue fixed in version : 5.6.1 (released April 8)
Vulnerability discovered by : Lincoln
Corelan Team :
http://www.corelan.be:8800/index.php/security/corelan-team-members/
01 : Vendor description of software
From the vendor website:
"Tembria Server Monitor continuously monitors your network for potential problems so you don't have to. Supporting popular Internet protocols, Tembria Server Monitor watches for specific conditions and notifies you if a problem is detected."
02 : Vulnerability details
The HTTP service is vulnerable to a buffer overflow, allowing a malicious person to trigger a remote denial of service condition by sending a specially crafted GET, PUT, or HEAD request to the server. The application service then immediately stops and requires the user to restart the service.
Remote code execution may be possible.
No user intervention is required to trigger the overflow/DoS.
Corelan would like to mention that the software vendor was very cooperative and proactive with communication and addressing the issue in a timely manner.
03 : Author/Vendor communication
March 31 2010 : author contacted
March 31 2010 : author replies, asks for proof of concept
March 31 2010 : Corelan sends proof of concept
April 5 2010 : Corelan asks for update
April 5 2010 : author replies back with patched software
April 5 2010 : Corelan verifies issue fixed in new version
April 8 2010 : fixed version released
April 9 2010 : public disclosure