| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: security at Dunkel.de (Axel Dunkel) Subject: Buffer Overflows in Novell iChain Authentication -----BEGIN PGP SIGNED MESSAGE----- Dunkel Advisory: NoviChain-1 Summary : Buffer Overflows in Novell iChain Authentication Product Date : 2003 May 15, 12:00 GMT Release date : 2003 Jun 05, 12:00 GMT Revision : 1.0 ******************************************************************** *** SUMMARY ******************************************************************** The Novell iChain product provides identity-based web security services that control access to application and network resources across technical and organizational boundaries. Buffer overflows allow users without authenticating to crash the iChain Server. Due to the nature of the overflow it is likely that this can lead to remote administrative access to the server and thus full access to the protected networks. ******************************************************************** *** Affected products ******************************************************************** Affected products: Novell iChain Server 2.1 SP2 Novell iChain Server 2.2 Novell iChain Server 2.2 incl. Field Patch 1 (see details) ******************************************************************** *** Details ******************************************************************** The length of the username is only restricted by the SIZE parameter in the HTML forms but not in the iChain proxy itself. This can be exploited easily by sending a overly long username in the authentication dialog which causes the iChain Server to abend (freeze). In iChain 2.2 Field Patch 1 the username has to be at the end of the POST parameter list otherwise iChain only prompts with a message stating missing parameters. Allthough we are not aware of any exploits in the wild it seems sure that this is being used to gain access in any targeted attack since this vulnerability can be found and exploited easily. ******************************************************************** *** Fixes & Workarounds ******************************************************************** Currently no fixes or workarounds are known. ******************************************************************** *** Distribution ******************************************************************** Dunkel GmbH, http://www.Dunkel.de/ , security@...kel.de This notice may be redistributed freely after the release date given at the top of the text, provided that redistributed copies are complete and unmodified, and include complete origin information. -----BEGIN PGP SIGNATURE----- Version: GnuPG iQCVAwUBPsk+lEzf+gLrqrKRAQF4PgP6A+MSgJCnixWPMAMgLs154UL0Ns88bqkY qnE7m2HrInpmzA/OuLrWLZ8fWcifO/8s6s41voY8hhQF0owwAxxT7Nm8822J1lmh UtexUSlT5GDuzdBNLba7psu+pKaagM29XQ3PxLXi3TZRwhso/bpc07jW6Sg3Dca3 eqWIc4BByWU= =KL8E -----END PGP SIGNATURE----- --- Systemberatung A. Dunkel GmbH, Gutenbergstr. 5, D-65830 Kriftel Tel.: +49-6192-9988-0, Fax: +49-6192-9988-99, E-Mail: ad@...kel.de
Powered by blists - more mailing lists