Openwsman HTTP Basic Auth Overflow (Sep 25, 2008)

Web Services Management (WS-Management) is a specification of a SOAP-based protocol for the management of servers, devices, applications and more. Openwsman, maintained by Intel’s Open-Source Technology Center, is a project intended to provide an open-source implementation of the WS-Management specification and to expose system management information on the Linux operating system.

The openwsman 2.0.0 management service is vulnerable to remote buffer overflow attacks. One of the authorization schemes supported by Openwsman is HTTP Basic authentication. An example of such a request follows:

POST / HTTP/1.1
Host: www.example.com
Authorization: Basic dnJ0OmZvb2Jhcg==

Openwsman decodes the authorization credential and stores it in a stack-based buffer without performing bounds checks. The buffer has a static size of 4096 bytes. By sending an HTTP request with a specially crafted Authorization header value (longer than 5462 bytes, which Base64-decodes to more than 4096 bytes), a user without valid login credentials could trigger the buffer overflow. Successful exploitation could lead to execution of arbitrary code on the vulnerable system with the privileges of the openwsman server process.
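The missing check, as an added example (this is not openwsman's code or its patch): a Basic credential decoder that computes the decoded length from the Base64 length and rejects oversized input before writing anything. The names `decode_basic_credential`, `b64_val` and `CRED_BUF_SIZE` are hypothetical, and reserving one byte for a NUL terminator is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CRED_BUF_SIZE 4096  /* buffer size stated in the advisory */

/* Map one Base64 character to its 6-bit value, or -1 if invalid. */
static int b64_val(unsigned char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode the value of a "Basic" Authorization header into out.
 * Returns the decoded length, -1 for malformed input, or -2 if the
 * decoded credential plus a NUL terminator would not fit in out_cap. */
long decode_basic_credential(const char *value, char *out, size_t out_cap) {
    if (strncmp(value, "Basic ", 6) != 0) return -1;
    const char *b64 = value + 6;
    size_t n = strlen(b64);
    while (n > 0 && b64[n - 1] == '=') n--;        /* ignore trailing padding */
    if (n % 4 == 1) return -1;                      /* no valid encoding has this length */
    size_t need = n / 4 * 3 + (n % 4 ? n % 4 - 1 : 0);
    if (need + 1 > out_cap) return -2;              /* bounds check BEFORE any write */
    unsigned acc = 0; int bits = 0; size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        int v = b64_val((unsigned char)b64[i]);
        if (v < 0) return -1;                       /* reject non-Base64 characters */
        acc = (acc << 6) | (unsigned)v;
        bits += 6;
        if (bits >= 8) {                            /* a full byte is available */
            bits -= 8;
            out[o++] = (char)((acc >> bits) & 0xFF);
        }
    }
    out[o] = '\0';
    return (long)o;
}

int main(void) {
    char cred[CRED_BUF_SIZE];
    /* Header value taken from the example request in the advisory. */
    long n = decode_basic_credential("Basic dnJ0OmZvb2Jhcg==", cred, sizeof cred);
    printf("decoded %ld bytes\n", n);
    return n == 10 ? 0 : 1;
}
```

With the terminator reserved, the largest accepted value is 5460 Base64 characters (4095 decoded bytes); anything that would decode to 4096 bytes or more returns -2 without touching the buffer.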

SonicWALL has released a generic IPS signature that will detect and prevent attacks targeting this vulnerability. The signature to address this vulnerability is:

  • 2060 Openwsman HTTP Basic Authentication BO Attempt