lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <20090308030646.F049A158045@smtp.hushmail.com> Date: Sat, 07 Mar 2009 22:06:46 -0500 From: "Elazar Broad" <elazar@...hmail.com> To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com Subject: Belkin BullDog Plus UPS-Service Buffer Overflow Vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Who: Belkin International, Inc. http://www.belkin.com What: Belkin BullDog Plus UPS Management Software v4.0.2 Build 1219 UPS-Service.exe v1.0.0.1 dated 12/19/2006 How: The UPS management software contains a built-in web server which allows for remote management of the UPS. The management interface is protected by a username and password. Authentication is performed via Basic authentication. There is a small stack-based overflow in the base64 decoding routine which handled the Basic authentication data. Caveats: The web server is not enabled by default. Exploit: The size of the buffer is too small for shellcode, however, this can be stored in the GET request, which sits at esp+0x58. Fix: I was unable to locate any security contact information for this vendor, so I attempted to contact their support department, which turned out to be waste of time. Workaround: As previously stated, the web server is not enabled by default. If you do need to use it, use a firewall or OS port filtering capabilities to restrict access. Elazar -----BEGIN PGP SIGNATURE----- Charset: UTF8 Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 3.0 wpwEAQECAAYFAkmzNkYACgkQi04xwClgpZiDbAP/TY+XD+L+LOXZ7XbFf5QL+t0UILhh 1dMv3Q565keOjTXbREbaS602KjZk5D1t2chPxvDCecjgCu5oghrTkmzYcG1cS+o8H9HP CHw58Ckl0u8qwFX04knxD721YQGihoASrKIVQXPexV9xwW1LAfn/6qW3r8dKTopayjL3 039YSEM= =BoqQ -----END PGP SIGNATURE----- -- Free information - Learn about Hardwood Floors. Click now! http://tagline.hushmail.com/fc/BLSrjkqfXT1M3QReMMSa5Cm5PutBynYJHMxNZHYSJcrlcpIUIlqZaYxtQha/
Powered by blists - more mailing lists