Credit:
The information has been provided by Rubén Santamarta.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/
Vulnerable Systems:
* Motorola Timbuktu Pro version 8.6.5
Timbuktu fails to properly handle user-supplied data passed through a named pipe session. When the PlughNTCommand named pipe receives an overly large character string, a buffer overflow occurs, resulting in arbitrary code execution.
Exploitation of this issue allows an attacker to execute arbitrary code with SYSTEM privileges. An attacker would need to locate a system running the Timbuktu Pro software. Upon finding a system that is running the vulnerable software, the attacker would check for the availability of the PlughNTCommand named pipe. If the named pipe is available, the attacker can connect and create a session without authenticating. The attacker can then send malformed data to the Timbuktu Pro process, resulting in arbitrary code execution with elevated privileges.
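To spot the remote pipe access described above on an unpatched host, the following added example (not part of the original advisory or any vendor material) filters Windows Security event 5145 records for access to the PlughNTCommand pipe over IPC$ and groups them by source. It assumes Detailed File Share auditing is enabled and that events have been exported as dictionaries; the sample records and function names are constructed for illustration.

```python
from collections import Counter

PIPE_NAME = "plughntcommand"  # pipe named in the advisory; compared case-insensitively

# Constructed sample records (not real logs), shaped like the EventData of
# Windows Security event 5145 (detailed file share access).
SAMPLE_EVENTS = [
    {"EventID": 5145, "SubjectUserName": "ANONYMOUS LOGON", "IpAddress": "192.0.2.10",
     "ShareName": r"\\*\IPC$", "RelativeTargetName": "PlughNTCommand"},
    {"EventID": 5145, "SubjectUserName": "ANONYMOUS LOGON", "IpAddress": "192.0.2.10",
     "ShareName": r"\\*\IPC$", "RelativeTargetName": "PlughNTCommand"},
    {"EventID": 5145, "SubjectUserName": "alice", "IpAddress": "192.0.2.20",
     "ShareName": r"\\*\IPC$", "RelativeTargetName": "plughntcommand"},
    # Different pipe on IPC$: not relevant to this advisory.
    {"EventID": 5145, "SubjectUserName": "bob", "IpAddress": "192.0.2.10",
     "ShareName": r"\\*\IPC$", "RelativeTargetName": "srvsvc"},
    # Same name but on a disk share: a file, not the named pipe.
    {"EventID": 5145, "SubjectUserName": "bob", "IpAddress": "192.0.2.30",
     "ShareName": r"\\*\C$", "RelativeTargetName": "PlughNTCommand"},
    {"EventID": 4624, "SubjectUserName": "alice", "IpAddress": "192.0.2.20"},
]

def is_pipe_access(event, pipe=PIPE_NAME):
    """True if the record is a 5145 access to the given pipe through IPC$."""
    if event.get("EventID") != 5145:
        return False
    share = event.get("ShareName", "").lower()
    target = event.get("RelativeTargetName", "").strip("\\").lower()
    return share.endswith("ipc$") and target == pipe

def summarize(events):
    """Count matching accesses per (source address, anonymous session?)."""
    hits = Counter()
    for ev in events:
        if is_pipe_access(ev):
            anonymous = ev.get("SubjectUserName", "").upper() == "ANONYMOUS LOGON"
            hits[(ev.get("IpAddress", "unknown"), anonymous)] += 1
    return [{"source": ip, "anonymous": anon, "count": n}
            for (ip, anon), n in sorted(hits.items())]

if __name__ == "__main__":
    for row in summarize(SAMPLE_EVENTS):
        print(row)
```

Rows with `anonymous` set to true correspond to the unauthenticated sessions the advisory describes and deserve first attention.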
Patch Availability:
Motorola Inc. has released a patch which addresses this issue. For more information, consult their advisory at the following URLs:
http://www.netopia.com/software/products/tb2/win/upgrade_version_8.html
http://www.netopia.com/software/products/tb2/
Workaround:
A named pipe filter can be applied to the registry. Named pipe filtering can be done in two ways: dynamic filtering and whitelisting. Microsoft provides further details about how to implement this workaround. Named Pipe Filter workaround:
http://support.microsoft.com/kb/925890
CVE Information:
CVE-2009-1394
Disclosure Timeline:
07/09/2008 - Initial Contact
07/14/2008 - Initial vendor response
09/15/2008 - Vendor update received
03/12/2009 - Vendor status requested
03/12/2009 - Vendor update received
04/24/2009 - Vendor status requested
04/24/2009 - Tentative disclosure set to May 13
06/25/2009 - Coordinated Public Disclosure