|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 3735 CVE : CVE-2008-1302 CVE : CVE-2008-1303 CVE : CVE : CVE-2008-1338 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : No Exploit Given : Yes Credit : Luigi Auriemma Published : 12.03.2008
Advisory Text : ####################################################################### Luigi Auriemma Application: Perforce Server http://www.perforce.com Versions: <= 2007.3/143793 Platforms: Windows, Unix, Linux and Mac Bugs: NULL pointers, invalid memory access and endless loop Exploitation: remote Date: 05 Mar 2008 Author: Luigi Auriemma e-mail: aluigi (at) autistici (dot) org [email concealed] web: aluigi.org ####################################################################### 1) Introduction 2) Bugs 3) The Code 4) Fix ####################################################################### =============== 1) Introduction =============== From vendor's website: "Perforce SCM (Software Configuration Management) versions and manages source code and digital assets for enterprises large and small." ####################################################################### ======= 2) Bugs ======= The Perforce server is affected by multiple vulnerabilities which allow any unauthenticated attacker to crash the server or consuming all its resources. The first type of vulnerabilities includes the NULL pointers generated by the absence of some parameters in the client's request and the lack of checks on the pointers returned by the functions which get these values from the packets. The commands affected by these NULL pointer vulnerabilities are the following: dm-FaultFile, dm-LazyCheck, dm-ResolvedFile, dm-OpenFile, crypto and possibly others. A secondary type of vulnerabilities is exploitable through the server-DiffFile and server-ReleaseFile commands, in this case the problem is caused by the 32 bit number provided by the client which is used as amount of elements in the initialization of an array. Another problem is then exploitable again with a malformed server-DiffFile command and allows to force the server in an endless loop which will cause its termination after having consumed all the memory and the resources of the system. ####################################################################### =========== 3) The Code =========== http://aluigi.org/poc/perforces.zip ####################################################################### ====== 4) Fix ====== No fix ####################################################################### --- Luigi Auriemma http://aluigi.org  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Multiple Vendors libc/gdtoa printf(3) Array Overrun
SecurityReason realised new advisory about vulnerabilities libc/gdtoa... |
||
| Apache |  |
|
» Apache Tomcat |
||
» Apache Tomcat User |
||
| PHP | |
|
» PHP |
||
- 2009-05-30| Copyright © SecurityReason.com. All Rights Reserved. |