Message-ID: <AANLkTinwcDnYamnGUbM30hnc-3Mbpb_H6abDVekPvU8f@mail.gmail.com>
Date: Tue, 21 Dec 2010 07:54:41 +0200
From: Henri Lindberg <henri+lists@...nse.fi>
To: bugtraq@...urityfocus.com
Subject: nSense-2010-004: Sybase Afaria
nSense Vulnerability Research Security Advisory NSENSE-2010-004
---------------------------------------------------------------
Affected Vendor: SAP
Affected Product: Sybase Afaria 6.0
Platform: Windows
Impact: User assisted code execution via CSRF
Vendor response: Patch
CVE: None
Credit: Knud
Technical details
---------------------------------------------------------------
"Afaria is the industry's most powerful and flexible mobile
device management and security solution for the enterprise.
Afaria provides you with a single administrative console to
centrally manage, secure and deploy mobile data, applications
and devices"
The web management interface does not validate the origin of
administrator requests and is therefore vulnerable to Cross-Site
Request Forgery (CSRF).
Successful exploitation may allow an attacker to execute code
on the target system via custom malicious event handlers
utilizing UNC paths.
Proof of concept:
http://<target>/AfariaAdmin/WebForms/ErrorHandler.aspx?msg=csrf&ReloadLink=False
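The missing check, written from the defender's side as an added Python illustration (not code from the advisory, nSense or Afaria): a state-changing administrator request is accepted only when its Origin or Referer names the admin host itself and it carries the anti-CSRF token issued to that session. The hostname, token values and request dictionaries are constructed for the example.

```python
import hmac
import secrets
from typing import Optional
from urllib.parse import urlsplit

ADMIN_HOST = "afaria-admin.example.internal"  # assumed hostname of the admin UI

def issue_token(session_tokens: dict, session_id: str) -> str:
    """Mint a per-session anti-CSRF token; the admin UI embeds it in every
    form or link that triggers a state change (synchronizer token pattern)."""
    token = secrets.token_urlsafe(32)
    session_tokens[session_id] = token
    return token

def source_host(headers: dict) -> Optional[str]:
    """Hostname from the Origin header, falling back to Referer; None if absent.
    Browsers set these on cross-site navigations and form posts, which is
    exactly the situation a CSRF lure page creates."""
    for name in ("Origin", "Referer"):
        if headers.get(name):
            return urlsplit(headers[name]).hostname
    return None

def is_trusted_admin_request(request: dict, session_tokens: dict) -> bool:
    """Accept a state-changing admin request only when both checks pass:
    the request came from the admin host itself, and it carries the token
    issued to this session. Apply it to every state-changing action regardless
    of HTTP method (the advisory's PoC is a plain GET), and fail closed when
    the headers are missing rather than assuming a same-site caller."""
    if source_host(request["headers"]) != ADMIN_HOST:
        return False
    expected = session_tokens.get(request["session_id"])
    supplied = request["form"].get("csrf_token", "")
    return expected is not None and hmac.compare_digest(expected, supplied)

def build_samples():
    """Constructed sample requests (not captured traffic): one legitimate,
    one cross-site, one with a valid token but no origin information."""
    tokens = {}
    token = issue_token(tokens, "sess-1")
    legit = {"session_id": "sess-1",
             "headers": {"Origin": f"https://{ADMIN_HOST}"},
             "form": {"csrf_token": token}}
    cross_site = {"session_id": "sess-1",  # browser still attaches the admin cookie
                  "headers": {"Referer": "https://third-party.example/page.html"},
                  "form": {}}
    headerless = {"session_id": "sess-1", "headers": {}, "form": {"csrf_token": token}}
    return tokens, legit, cross_site, headerless
```

The cross-site sample is the advisory's scenario: the victim's browser sends the admin session cookie, but neither the Origin/Referer nor the token matches, so the request is refused.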
Solution
---------------------------------------------------------------
* Afaria 6.0 Service Pack 1 Hot Fix 28 (Administrator Only)
http://frontline.sybase.com/support/fileDownload.aspx?ID=2133
Release Notes
http://frontline.sybase.com/support/downloads/Afaria/6_0_SP1/60Sp1AfariaFx28/60Sp1AfariaFx28.htm
* Afaria 6.5 (there are two parts to Afaria 6.5 Hot Fix 55)
Server
http://frontline.sybase.com/support/fileDownload.aspx?ID=2142
Administrator
http://frontline.sybase.com/support/fileDownload.aspx?ID=2143
Release Notes
http://frontline.sybase.com/support/downloads/Afaria/6_5/65AfariaFx55/65AfariaFx55Admin/65AfariaFx55.htm
Timeline:
August 21st Contacted vendor PSIRT
September 2nd Vendor responded. Patch confirmed
September 2nd Inquired patch release date
September 2nd Vendor responded. No release date yet available.
September 22nd Status update request sent to vendor
September 23rd Vendor responded. No release date available.
October 6th Status update request sent to vendor
October 7th Vendor responded. The patch had already been released.
October 7th Inquired vendor about attribution
October 7th Vendor responded. Research page under construction.
November 9th Vendor inquired about attribution details
November 9th Attribution details sent to vendor
November 10th Vendor responded.
December 20th Advisory published
Links:
http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a
http://www.nsense.fi http://www.nsense.dk
Driven by the challenge _