[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Security Flaw CVE-2014-0037
From: Michael_Kromer <m.kromer () zarafa ! com>
Date: 2014-01-31 11:08:01
Message-ID: zarafa.52eb8411.0a4f.69b9c913004bc018 () zarafaserver
[Download RAW message or body]
CVE-2014-0037
Affected product: Zarafa Collaboration Platform <= 7.1.7
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Complete
A flaw in Zarafa has been discovered that allows a remote unauthenticated attacker to crash the \
zarafa-server daemon with a segmentation fault, preventing access to any other legitimate \
Zarafa users. This flaw has been fixed beginning with the release of Zarafa 7.1.8 beta2 ( \
http://download.zarafa.com/community/beta/7.1/7.1.8beta2-43059/ ). We encourage any users of \
Zarafa to update to this new version or apply the patch supplied below.
Zarafa would like to thank Robert Scheck from ETES (http://www.etes.de) for discovering and \
reporting this issue.
Index: provider/libserver/ECSession.cpp
===================================================================
diff -u -N -r41872 -r42919
--- provider/libserver/ECSession.cpp (.../ECSession.cpp) (revision 41872)
+++ provider/libserver/ECSession.cpp (.../ECSession.cpp) (revision 42919)
@@ -846,6 +846,13 @@
{
ECRESULT er = erSuccess;
+ if (!lpszName)
+ {
+ // Commandment 2: Thou shalt not follow the NULL pointer, for chaos and madness await thee \
at its end. + m_lpSessionManager->GetLogger()->Log(EC_LOGLEVEL_FATAL, "Invalid argument \
lpszName in call to ECAuthSession::ValidateUserLogon()"); + er = ZARAFA_E_INVALID_PARAMETER;
+ goto exit;
+ }
// SYSTEM can't login with user/pass
if(stricmp(lpszName, ZARAFA_ACCOUNT_SYSTEM) == 0) {
er = ZARAFA_E_NO_ACCESS;
@@ -888,6 +895,12 @@
char *localAdminUsers = NULL;
#endif
+ if (!lpszName)
+ {
+ m_lpSessionManager->GetLogger()->Log(EC_LOGLEVEL_FATAL, "Invalid argument lpszName in call \
to ECAuthSession::ValidateUserSocket()"); + er = ZARAFA_E_INVALID_PARAMETER;
+ goto exit;
+ }
p = m_lpSessionManager->GetConfig()->GetSetting("allow_local_users");
if (p && !stricmp(p, "yes")) {
allowLocalUsers = true;
--
Mit freundlichen Grüßen,
Best regards,
Met vriendelijke groet,
Sincèrement,
Cordiali saluti,
Atentamente,
Michael Kromer
VP Products & Architecture
[T] +49 179 9300840
[E] m.kromer@zarafa.com
-------------------------------------------------
Zarafa: Open - Compatible - Enterprise
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic