Advisory CORELAN-10-022
Reference : CVE-2010-1316
Disclosure date : April 8th, 2010
http://www.corelan.be:8800/advisories.php?id=CORELAN-10-022

00 : Vulnerability information

Product : Tembria Server Monitor
Version : 5.6.0
Vendor : Don Leclair / tembria.com
URL : http://www.tembria.com/download/
Platform : Windows
Type of vulnerability : Stack overflow
Risk rating : Medium
Issue fixed in version : 5.6.1 (released April 8)
Vulnerability discovered by : Lincoln
Corelan Team : http://www.corelan.be:8800/index.php/security/corelan-team-members/

01 : Vendor description of software

From the vendor website:
"Tembria Server Monitor continuously monitors your network for potential problems so you don't have to. Supporting popular Internet protocols, Tembria Server Monitor watches for specific conditions and notifies you if a problem is detected."

02 : Vulnerability details

The HTTP service is vulnerable to a buffer overflow, allowing a malicious person to trigger a remote Denial of Service condition by sending a specially crafted GET, PUT, or HEAD request to the server. The application service then immediately stops and requires the user to restart the service. Remote code execution may be possible. No user intervention is required to trigger the overflow/DoS.

Corelan would like to mention that the software vendor was very cooperative and proactive with communication and addressing the issue in a timely manner.

03 : Author/Vendor communication

March 31 2010 : author contacted
March 31 2010 : author replies, asks for proof of concept
March 31 2010 : Corelan sends proof of concept
April 5 2010 : Corelan asks for update
April 5 2010 : author replies back with patched software
April 5 2010 : Corelan verifies issue fixed in new version
April 8 2010 : fixed version released
April 9 2010 : public disclosure

04 : PoC

Proof of concept is available at the following URL :
http://www.corelan.be:8800/wp-content/forum-file-uploads/admin1/exploits/corelan_lincoln_tembria.py_.txt