Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Belkin BullDog Plus UPS-Service Buffer Overflow Vulnerability
From: "Elazar Broad" <elazar () hushmail com>
Date: Sat, 07 Mar 2009 22:06:46 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Who:
Belkin International, Inc.
http://www.belkin.com

What:
Belkin BullDog Plus UPS Management Software
v4.0.2 Build 1219

UPS-Service.exe
v1.0.0.1
dated 12/19/2006

How:
The UPS management software contains a built-in web server which
allows for remote management of the UPS. The management interface
is protected by a username and password. Authentication is
performed via Basic authentication.

There is a small stack-based overflow in the base64 decoding
routine which handled the Basic authentication data.

Caveats:
The web server is not enabled by default.

Exploit:
The size of the buffer is too small for shellcode, however, this
can be stored in the GET request, which sits at esp+0x58.

Fix:
I was unable to locate any security contact information for this
vendor, so I attempted to contact their support department, which
turned out to be waste of time.

Workaround:
As previously stated, the web server is not enabled by default.
If you do need to use it, use a firewall or OS port filtering
capabilities to restrict access.

Elazar
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0

wpwEAQECAAYFAkmzNkYACgkQi04xwClgpZiDbAP/TY+XD+L+LOXZ7XbFf5QL+t0UILhh
1dMv3Q565keOjTXbREbaS602KjZk5D1t2chPxvDCecjgCu5oghrTkmzYcG1cS+o8H9HP
CHw58Ckl0u8qwFX04knxD721YQGihoASrKIVQXPexV9xwW1LAfn/6qW3r8dKTopayjL3
039YSEM=
=BoqQ
-----END PGP SIGNATURE-----

--
Buy Hardwood Floors Direct - Click Here.
 http://tagline.hushmail.com/fc/BLSrjkqfXT1MaBe0v5mHgjnSKBLLYBxkmGOXAgcWGLeKaTo4BJXSrKnZAoo/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • Belkin BullDog Plus UPS-Service Buffer Overflow Vulnerability Elazar Broad (Mar 08)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault