lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030607230059.27270.qmail@darwin.dunkel.de>
From: security at Dunkel.de (Axel Dunkel)
Subject: Buffer Overflows in Novell iChain Authentication

-----BEGIN PGP SIGNED MESSAGE-----


Dunkel Advisory: NoviChain-1
Summary        : Buffer Overflows in Novell iChain Authentication 
Product

Date           : 2003 May 15, 12:00 GMT
Release date   : 2003 Jun 05, 12:00 GMT
Revision       : 1.0


********************************************************************
*** SUMMARY
********************************************************************

The Novell iChain product provides identity-based web security 
services that  control access to application and network resources 
across technical and organizational boundaries.

Buffer overflows allow users without authenticating to crash the 
iChain Server. Due to the nature of the overflow it is likely that 
this can lead to remote administrative access to the server and thus
full access to the protected networks.


********************************************************************
*** Affected products
********************************************************************

Affected products: 
  Novell iChain Server 2.1 SP2
  Novell iChain Server 2.2
  Novell iChain Server 2.2 incl. Field Patch 1 (see details)


********************************************************************
*** Details
********************************************************************

The length of the username is only restricted by the SIZE parameter 
in the HTML forms but not in the iChain proxy itself. This can be 
exploited easily by sending a overly long username in the 
authentication dialog which causes the iChain Server to abend (freeze). 

In iChain 2.2 Field Patch 1 the username has to be at the end of the 
POST parameter list otherwise iChain only prompts with a message 
stating missing parameters.

Allthough we are not aware of any exploits in the wild it seems sure 
that this is being used to gain access in any targeted attack since 
this vulnerability can be found and exploited easily.


********************************************************************
*** Fixes & Workarounds
********************************************************************

Currently no fixes or workarounds are known.


********************************************************************
*** Distribution
********************************************************************

Dunkel GmbH, http://www.Dunkel.de/ , security@...kel.de
This notice may be redistributed freely after the release date given 
at the top of the text, provided that redistributed copies are 
complete and unmodified, and include complete origin information.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG 

iQCVAwUBPsk+lEzf+gLrqrKRAQF4PgP6A+MSgJCnixWPMAMgLs154UL0Ns88bqkY
qnE7m2HrInpmzA/OuLrWLZ8fWcifO/8s6s41voY8hhQF0owwAxxT7Nm8822J1lmh
UtexUSlT5GDuzdBNLba7psu+pKaagM29XQ3PxLXi3TZRwhso/bpc07jW6Sg3Dca3
eqWIc4BByWU=
=KL8E
-----END PGP SIGNATURE-----

---
Systemberatung A. Dunkel GmbH, Gutenbergstr. 5, D-65830 Kriftel
Tel.: +49-6192-9988-0, Fax: +49-6192-9988-99,   E-Mail: ad@...kel.de



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ