Security Advisory-Buffer Overflow on Stack in HTTP Module

2012-08-04T00:00:00
ID HUAWEI-SA-20120808-02-HTTP-MODULE
Type huawei
Reporter Huawei Technologies
Modified 2012-08-14T00:00:00

Description

Branch Intelligent Management System (BIMS) and Web management is provided by Huawei for network and device management. Both BIMS and Web management use HTTP. Therefore, to use BIMS and Web management, you must enable HTTP. Attackers can make stack overflow by sending messages with the URI whose length is more than the declared length. Attackers can remotely execute arbitrary commands (Vulnerability ID: HWNSIRT-2012-0804). This vulnerability was first reported by Felix Lindner of Recurity Labs GmbH. Currently, workarounds are available and are detailed below.