BID:39638

Tembria Server Monitor HTTP Request Remote Buffer Overflow Vulnerability

Info

Tembria Server Monitor HTTP Request Remote Buffer Overflow Vulnerability

Bugtraq ID:	39638
Class:	Boundary Condition Error
CVE:	CVE-2010-1316
Remote:	Yes
Local:	No
Published:	Apr 08 2010 12:00AM
Updated:	Apr 08 2010 12:00AM
Credit:	Lincoln
Vulnerable:	Tembria Tembria Server Monitor 5.6

Not Vulnerable:	Tembria Tembria Server Monitor 5.6.1

Discussion

Tembria Server Monitor HTTP Request Remote Buffer Overflow Vulnerability

Tembria Server Monitor is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

Versions prior to Tembria Server Monitor 5.6.1 are vulnerable.

Exploit / POC

Tembria Server Monitor HTTP Request Remote Buffer Overflow Vulnerability

The following proof of concept is available:

/data/vulnerabilities/exploits/39638.py

Solution / Fix

Tembria Server Monitor HTTP Request Remote Buffer Overflow Vulnerability

Solution:
Updates are available. Please see the references for more information.

References

Tembria Server Monitor HTTP Request Remote Buffer Overflow Vulnerability

References:

CORELAN-10-022 �?? Tembria Server Monitor 5.6.0 Remote DoS (Lincoln)
Tembria Server Monitor - Version History (Tembria)
Tembria Server Monitor Homepage (Tembria )