Zarafa Collaboration Platform <= 7.1.7 remote crash

2014.02.01
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-20


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

CVE-2014-0037 Affected product: Zarafa Collaboration Platform <= 7.1.7 Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete A flaw in Zarafa has been discovered that allows a remote unauthenticated attacker to crash the zarafa-server daemon with a segmentation fault, preventing access to any other legitimate Zarafa users. This flaw has been fixed beginning with the release of Zarafa 7.1.8 beta2 ( http://download.zarafa.com/community/beta/7.1/7.1.8beta2-43059/ ). We encourage any users of Zarafa to update to this new version or apply the patch supplied below. Zarafa would like to thank Robert Scheck from ETES (http://www.etes.de) for discovering and reporting this issue. Index: provider/libserver/ECSession.cpp =================================================================== diff -u -N -r41872 -r42919 --- provider/libserver/ECSession.cpp (.../ECSession.cpp) (revision 41872) +++ provider/libserver/ECSession.cpp (.../ECSession.cpp) (revision 42919) @@ -846,6 +846,13 @@ { ECRESULT er = erSuccess; + if (!lpszName) + { + // Commandment 2: Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end. + m_lpSessionManager->GetLogger()->Log(EC_LOGLEVEL_FATAL, "Invalid argument lpszName in call to ECAuthSession::ValidateUserLogon()"); + er = ZARAFA_E_INVALID_PARAMETER; + goto exit; + } // SYSTEM can't login with user/pass if(stricmp(lpszName, ZARAFA_ACCOUNT_SYSTEM) == 0) { er = ZARAFA_E_NO_ACCESS; @@ -888,6 +895,12 @@ char *localAdminUsers = NULL; #endif + if (!lpszName) + { + m_lpSessionManager->GetLogger()->Log(EC_LOGLEVEL_FATAL, "Invalid argument lpszName in call to ECAuthSession::ValidateUserSocket()"); + er = ZARAFA_E_INVALID_PARAMETER; + goto exit; + } p = m_lpSessionManager->GetConfig()->GetSetting("allow_local_users"); if (p && !stricmp(p, "yes")) { allowLocalUsers = true; -- Mit freundlichen Gren, Best regards, Met vriendelijke groet, Sinc&#232;rement, Cordiali saluti, Atentamente, Michael Kromer VP Products & Architecture [T] +49 179 9300840 [E] m.kromer () zarafa com ------------------------------------------------- Zarafa: Open - Compatible - Enterprise

References:

http://seclists.org/oss-sec/2014/q1/199


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top