Openwsman HTTP Basic Authentication buffer overflow

Added: 10/17/2008
CVE: CVE-2008-2234
BID: 30694
OSVDB: 47534

Background

Openwsman is an open-source implementation of the Web Services Management specification.

Problem

A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted HTTP Basic Authentication header.

Resolution

Upgrade to Openwsman 2.1.0 or higher, or install a fixed package from your Linux vendor.

References

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00003.html

Limitations

Exploit works on Openwsman 2.0.0 on Red Hat Enterprise Linux 4 Update 4.

In order for the exploit to succeed, Openwsman must be running in debug mode (openwsmand -d) with code execution on the stack enabled (execstack -s openwsmand).

Platforms

Linux

Back to exploit index