|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 7058 CVE : CVE-2009-4654 CWE : CWE-119 SecurityRisk : High  (About) Remote Exploit : Yes Local Exploit : No Victim interaction required : No Exploit Available : Yes Credit : Hellcode Published : 02.03.2010
Advisory Content : Vendor: Novell Product: eDirectory for Windows Version: 8.8 SP5 Vulnerability: Stack Overflow Description: Vulnerability is in "/dhost/httpstk" This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. The specific flaw exists in the handling of URL parameters when posting to the login form of the HTTPSTK web server. ( <FORM method="post" action="/dhost/httpstk;submit"> ) Successful exploitation can lead to complete system compromise under the SYSTEM credentials. Authentication is required to exploit this vulnerability. Debugger Results: (ea8.aec): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=41414141 ebx=734c4d90 ecx=035efe24 edx=00000193 esi=035efe24 edi=035efe24 eip=62408f23 esp=035efd20 ebp=035efd6c iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010206 *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Novell\NDS\httpstk.dlm - httpstk!HT_RspCCSetNoCache+0x5fb: 62408f23 80b8e500000000 cmp byte ptr [eax+0E5h],0 ds:0023:41414226=?? 0:007> g (ea8.aec): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=00000000 ebx=00000000 ecx=41414141 edx=77569bad esi=00000000 edi=00000000 eip=41414141 esp=035ef950 ebp=035ef970 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246 41414141 ?? ??? 0:007> !exchain 035ef964: ntdll!RtlRaiseStatus+c8 (77569bad) 035eff34: 41414141 Invalid exception stack at 41414141 Credit to: karak0rsan and murderkey from Hellcode Research www.hellcode.net Proof of Concept: http://tcc.hellcode.net/sploitz/httpstk.txt Original Advisory: http://tcc.hellcode.net/advisories/hellcode-adv005.txt References : http://xforce.iss.net/xforce/xfdb/54308
http://www.securitytracker.com/id?1023188
http://www.securityfocus.com/bid/37042
http://www.securityfocus.com/archive/1/archive/1/507926/100/0/threaded
http://tcc.hellcode.net/sploitz/httpstk.txt
http://tcc.hellcode.net/advisories/hellcode-adv005.txt
http://downloads.securityfocus.com/vulnerabilities/exploits/37042-2.pl  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
| PHP | |
|
» libzip 0.9.3 |
||
| ADT | ||
Protect your family and valuables with Home Security Systems |
||
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |