tembria server_monitor 5.6.0 buffer overflow

2010.04.18
Credit: null
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-119


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

Advisory : CORELAN-10-022 Reference : CVE-2010-1316 Disclosure date : April 8th, 2010 http://www.corelan.be:8800/adv…..LAN-10-022 00 : Vulnerability information Product : Tembria Server Monitor Version : 5.6.0 Vendor : Don Leclair / tembria.com URL : http://www.tembria.com/download/ Platform : Windows Type of vulnerability : Stack overflow Risk rating : Medium Issue fixed in version : 5.6.1 (released april 8) Vulnerability discovered by : Lincoln Corelan Team : http://www.corelan.be:8800/index.php/security/corelan-team-members/ 01 : Vendor description of software From the vendor website: "Tembria Server Monitor continuously monitors your network for potential problems so you don't have to. Supporting popular Internet protocols, Tembria Server Monitor watches for specific conditions and notifies you if a problem is detected." 02 : Vulnerability details The HTTP service is vulnerable to a buffer overflow, allowing a malicious person to trigger a remote Denial Of Service condition by sending a specially crafted GET,PUT, or HEAD request to the Server.The application service then immediately stops and requires the user to restart the service. Remote code execution may be possible. No user intervention is required to trigger the overflow/DoS Corelan would like to mention that the software vendor was very cooperative and proactive with communication and addressing the issue in a timely manner. 03 : Author/Vendor communication March 31 2010 : author contacted March 31 2010 : author replies, ask for proof of concept March 31 2010 : Corelan sends proof of concept April 5 2010 : Corlean ask for update April 5 2010 : author replies back with patched software April 5 2010 : Corelan verifies issue fixed in new version April 8 2010 : fixed version released April 9 2010 : public disclosure

References:

http://www.corelan.be:8800/wp-content/forum-file-uploads/admin1/exploits/corelan_lincoln_tembria.py_.txt
http://www.corelan.be:8800/advisories.php?id=CORELAN-10-022
http://secunia.com/advisories/39270


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top