[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Vulnerability in Tembria Server Monitor

To: "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>, "secalert@xxxxxxxxxxxxxxxxxx" <secalert@xxxxxxxxxxxxxxxxxx>, "vuln@xxxxxxxxxxx" <vuln@xxxxxxxxxxx>
Subject: [Full-disclosure] Vulnerability in Tembria Server Monitor
From: Security <security@xxxxxxxxxx>
Date: Fri, 9 Apr 2010 23:48:10 +0200

Hi,

Please find the advisory in attachment.

Regards,

Sébastien Duquette
Corelan Team

Advisory CORELAN-10-022

Reference       : CVE-2010-1316
Disclosure date : April 8th, 2010
http://www.corelan.be:8800/advisories.php?id=CORELAN-10-022

 

00 : Vulnerability information

 Product : Tembria Server Monitor
 Version : 5.6.0
 Vendor :  Don Leclair / tembria.com
 URL : http://www.tembria.com/download/
 Platform : Windows
 Type of vulnerability : Stack overflow
 Risk rating : Medium
 Issue fixed in version : 5.6.1 (released april 8)
 Vulnerability discovered by : Lincoln
 Corelan Team :
 http://www.corelan.be:8800/index.php/security/corelan-team-members/

 

01 : Vendor description of software

From the vendor website:

"Tembria Server Monitor continuously monitors your network for potential
problems so you don't have to. Supporting popular Internet protocols, Tembria
Server Monitor watches for specific conditions and notifies you if a problem is
detected."


02 : Vulnerability details

The HTTP service is vulnerable to a buffer overflow, allowing a malicious 
person to trigger a remote Denial Of Service condition by sending a specially
crafted GET,PUT, or HEAD request to the Server.The application service then
immediately stops and requires the user to restart the service.

Remote code execution may be possible.
No user intervention is required to trigger the overflow/DoS.

Corelan would like to mention that the software vendor was very cooperative and
proactive with communication and addressing the issue in a timely manner.

 

03 : Author/Vendor communication

 March 31 2010 : author contacted
 March 31 2010 : author replies, ask for proof of concept
 March 31 2010 : Corelan sends proof of  concept
 April 5 2010 : Corlean ask for update
 April 5 2010 : author replies back with patched software
 April 5 2010 : Corelan verifies issue fixed in new version
 April 8 2010 : fixed version released
 April 9 2010 : public disclosure

 
04: PoC

Proof of concept is available at the following URL :
http://www.corelan.be:8800/wp-content/forum-file-uploads/admin1/exploits/corelan_lincoln_tembria.py_.txt

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Vulnerabilities in TAK cms
Next by Date: [Full-disclosure] [USN-927-1] NSS vulnerability
Previous by thread: [Full-disclosure] ZDI-10-068: Apple QuickTime H.263 Array Index Parsing Remote Code Execution Vulnerability
Next by thread: [Full-disclosure] [USN-927-1] NSS vulnerability
Index(es):
- Date
- Thread