Network Security
Dell OpenManage Server Administrator Heap Overflow Vulnerability
- From: Howell, Paul
- Date: Tue Mar 02 07:49:20 2004
At http://secunia.com/advisories/10994/print/
TITLE:
Dell OpenManage Server Administrator Heap Overflow Vulnerability
SECUNIA ADVISORY ID:
SA10994
RELEASE DATE:
2004-02-27
VERIFY ADVISORY:
http://secunia.com/advisories/10994/
CRITICAL:
Highly critical
WHERE:
From remote
IMPACT:
DoS
System access
SOFTWARE:
Dell OpenManage Systems Management
DESCRIPTION:
wirepair has reported a vulnerability in the Dell OpenManage Server
Administrator, which potentially can be exploited by malicious people to
compromise a vulnerable system.
The vulnerability is caused due to a boundary error in the integrated web
server when handling certain HTTP POST requests. This can be exploited to
cause a heap overflow by sending a specially crafted POST request containing
a hidden application variable set to an overly long string.
The vulnerability has been reported in OpenManage 3.7.0. Other versions may
also be affected.
SOLUTION:
Restrict access to the web interface (default port 1311/TCP), allowing only
trusted IP addresses to connect.
REPORTED BY CREDITS:
wirepair
ORIGINAL ADVISORY:
http://sh0dan.org/files/domadv.txt
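The following check is an added example, not part of the advisory or of Dell's or Secunia's material: it audits requests to the web interface for the two conditions the advisory raises, a source outside the trusted addresses and a POST form variable carrying an overly long value. The trusted range, the 256-byte limit, the request path and the field names are assumptions chosen for illustration.

```python
import ipaddress
from urllib.parse import parse_qsl

# Assumptions (not from the advisory): the trusted management range and the
# length above which a form value is treated as suspicious.
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/28")]
MAX_VALUE_LEN = 256

def audit_request(src_ip, raw):
    """Return a list of findings for one request to the web interface (1311/TCP)."""
    findings = []
    addr = ipaddress.ip_address(src_ip)
    if not any(addr in net for net in TRUSTED_NETS):
        findings.append("untrusted-source")
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    if lines[0].split(b" ", 1)[0].upper() != b"POST":
        return findings
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    declared = headers.get(b"content-length", b"")
    if not declared.isdigit() or int(declared) != len(body):
        findings.append("content-length-mismatch")
    # Check every form variable, hidden ones included: "hidden" is only a
    # rendering hint in the HTML form; on the wire it is an ordinary field.
    for name, value in parse_qsl(body.decode("latin-1"), keep_blank_values=True):
        if len(value) > MAX_VALUE_LEN:
            findings.append(f"oversized-field:{name}:{len(value)}")
    return findings

def _post(body):
    # Builds a constructed request; path, host and field names are hypothetical.
    return (b"POST /form HTTP/1.1\r\nHost: omsa.example:1311\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)

# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("192.0.2.5", _post(b"user=admin&app=omsa")),
    ("203.0.113.9", _post(b"user=admin&app=" + b"A" * 2000)),
]

if __name__ == "__main__":
    for src, raw in SAMPLES:
        print(src, audit_request(src, raw) or "ok")
```

A length check of this kind is a detection aid for logged or proxied traffic; it does not replace the access restriction the advisory recommends.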