[Full-disclosure] Belkin BullDog Plus UPS-Service Buffer Overflow Vulnerability
elazar at hushmail.com
Sun Mar 8 03:06:46 GMT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Belkin International, Inc.
Belkin BullDog Plus UPS Management Software
v4.0.2 Build 1219
The UPS management software contains a built-in web server which
allows for remote management of the UPS. The management interface
is protected by a username and password. Authentication is
performed via Basic authentication.
There is a small stack-based overflow in the base64 decoding
routine which handled the Basic authentication data.
The web server is not enabled by default.
The size of the buffer is too small for shellcode, however, this
can be stored in the GET request, which sits at esp+0x58.
I was unable to locate any security contact information for this
vendor, so I attempted to contact their support department, which
turned out to be waste of time.
As previously stated, the web server is not enabled by default.
If you do need to use it, use a firewall or OS port filtering
capabilities to restrict access.
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0
-----END PGP SIGNATURE-----
Buy Hardwood Floors Direct - Click Here.
Full-Disclosure is hosted and sponsored by Secunia.