Message-ID: <CAKZyQkx=Gafi4Esxs0T3e58Bo86UimFUTetAhBxgqyKV1ThZWw@mail.gmail.com>
Date: Mon, 8 Apr 2013 10:38:51 -0700
From: Ken <catatonicprime@...il.com>
To: bugtraq@...urityfocus.com
Subject: [CVE-2012-5389] Null Pointer Dereference in Dart Webserver <= 1.9.2

Overview
===============
DartWebserver.Dll is an HTTP server provided by Dart Communications
(dart.com). It is distributed in their PowerTCP/Webserver For ActiveX
product and likely other similar products.

"Build web applications in any familiar software development
environment. Use WebServer for ActiveX to add web-based access to
traditional compiled applications."

Versions 1.9.2 and prior are vulnerable to a null pointer dereference,
which may be triggered by making a malformed request to the server.

Analysis
===============
During the processing of incoming HTTP requests, the server may process
a malformed request that leads to a null pointer dereference. This
causes an exception which is not handled, and the parent process
crashes, leading to a Denial of Service (DoS) condition. To my
knowledge this bug can *not* be used to gain access to any other CPU
registers.

The malformed packet is of the format:

GET / HTTP/1.1\nContent-Length:-1\n\n

The reliability of this bug is low, requiring upwards of several
hundred requests to be processed before causing the exception. This
may be system specific, relying heavily on the host operating system's
pre-existing condition. So, if at first you do not succeed in
replicating this bug - try and try again.

Timeline
===============
10/15/2012 - Contacted vendor with an incident report.
10/15/2012 - Contacted Mitre for CVE assignment
10/17/2012 - CVE-ID Assigned
10/18/2012 - Contacted vendor with assigned CVE-ID
10/19/2012 - Vendor replied with questions about the incident report
and vulnerability
10/19/2012 - Incident report found, vulnerability details clarified
10/30/2012 - Vendor contacted researcher with an update of the status
of the bug report, indicating they do not have time to investigate the
cause of the vulnerability.
04/08/2013 - Public disclosure to Bugtraq.

More information
===============
To see more of my work and research, stop by to visit and follow my blog:
http://sadgeeksinsnow.blogspot.com/
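
Added example (not part of the original advisory, and not vendor code): a request-head check that a filter placed in front of the server could apply, flagging any Content-Length value that is not a plain digit string, as in the request format quoted in the Analysis section. The function name and the sample requests are constructed for illustration; it assumes the filter sees the raw request bytes before the server does.

```python
import re

# RFC 7230 section 3.3.2: Content-Length = 1*DIGIT (no sign, no inner whitespace).
_VALID_LENGTH = re.compile(rb"[0-9]+")


def content_length_problems(raw_request: bytes) -> list[str]:
    """Return reasons to reject the request head; an empty list means it passed."""
    # Split the head from the body on the first blank line, accepting CRLF or
    # bare LF, since the request in the advisory uses bare LF line endings.
    head = re.split(rb"\r?\n\r?\n", raw_request, maxsplit=1)[0]
    lines = re.split(rb"\r?\n", head)
    problems = []
    values = []
    for line in lines[1:]:  # lines[0] is the request line
        name, sep, value = line.partition(b":")
        if not sep or name.strip().lower() != b"content-length":
            continue
        value = value.strip(b" \t")
        values.append(value)
        if not _VALID_LENGTH.fullmatch(value):
            problems.append(f"invalid Content-Length value {value!r}")
    # Several Content-Length headers that disagree are also rejected.
    if len(set(values)) > 1:
        problems.append("conflicting Content-Length headers")
    return problems


# Constructed sample requests; the first is the format quoted in the advisory.
SAMPLES = {
    "advisory format": b"GET / HTTP/1.1\nContent-Length:-1\n\n",
    "valid POST": b"POST /form HTTP/1.1\r\nHost: example.test\r\n"
                  b"Content-Length: 5\r\n\r\nhello",
    "no body header": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "conflicting": b"POST / HTTP/1.1\r\nContent-Length: 5\r\n"
                   b"Content-Length: 7\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        issues = content_length_problems(raw)
        print(f"{label}: {'REJECT ' + '; '.join(issues) if issues else 'pass'}")
```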
