This script is Copyright (C) 2010-2011 Tenable Network Security, Inc.
The application is affected by multiple buffer overflow
The web server component of SBLIM-SFCB that is listening on the
remote host contains multiple heap-based buffer overflows that can be
triggered by sending an HTTP request with a specially crafted
Content-Length header. Specifically :
- There is a particular scenario where heap corruption can
exist if httpMaxContentLength in sfcb.cfg is set to 0
and the Content-Length of a request is 4294967290,
getPayload() will try to memcpy() into an incorrectly
sized buffer due to wrap around (we add 8 to
Content-Length in the malloc). Also, sfcb.cfg states
that the default value for httpMaxContentLength _is_ 0,
which is untrue.
- httpAdapter contains a heap overflow that is caused by an
HTTP request with the Content-Length value being smaller
than the actual size of the payload. The affect of this bug
can cause the handling HTTP process to crash. If the
request is specially crafted, arbitrary code execution
Successful exploit of these vulnerabilities may result in a server
crash or execution of arbitrary code in the context of the server.
See also :
Upgrade to version 1.3.8
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.4
Public Exploit Available : false
Family: Web Servers
Nessus Plugin ID: 46802 ()
Bugtraq ID: 40475
CVE ID: CVE-2010-1937CVE-2010-2054
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.