Jonny Lamb
2007-12-19 20:36:43 UTC
Greetings.
vdccm 0.10.1 has been released. This is a point release mainly to fix a
security vulnerability that was presented to us by Core Security
Technologies. Many thanks for that report.
What is vdccm?
==============
vdccm is a daemon to keep a connection to your WinCE and WM5 device up.
It maintains a connection to a device, responding to keepalives and
providing other members of the SynCE suite of tools with details of the
IP address and providing the ability to autorun scripts upon connection.
Changes since 0.10.0
====================
* GCC 4.3 compile bug fixed.
* Fixed connection file write when password involved (Mark Ellis).
* Fixed a potential denial of service attack. (Volker Christian).
Security information
====================
(The following comes from Core Security Technologies' report.)
The vdccm daemon (part of the SynCE package) is vulnerable to a remote
command injection, which can be exploited by malicious remote attackers.
The vulnerability is due to the vdccm daemon not properly sanitizing
certain input before using it to invoke external scripts. This can be
exploited to execute arbitrary commands with the privileges of the vdccm
daemon by sending specially crafted requests.
Vulnerable packages: Synce-dccm since version 0.92.
Non-vulnerable packages: Synce-dccm 0.91 and earlier.
The vdccm daemon listens on port 5679 for incoming connections from a
Windows CE device. The command injection exists on the name of the
connected device. The code at src/utils.cpp, function Utils::runScripts
contains the following code:
    string command = string(path) + " " + action + " " + deviceName;
    system(command.c_str());
The contents of the string variable "deviceName" are controlled by the
attacker.
Enjoy.
--
Jonny Lamb, UK ***@jonnylamb.com
http://jonnylamb.com GPG: 0x2E039402
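
Added example, not part of the original announcement or the vdccm source: one way to avoid the system() pattern quoted above is to check the device name against an allow-list and start the script with fork()/execv(), so that no shell ever parses the name. The function names and the allow-list policy are assumptions; the announcement does not show how 0.10.1 changed Utils::runScripts.

```cpp
// Added example, not vdccm code. isSafeDeviceName and runScriptSafely are
// hypothetical names; the allow-list policy is an assumption.
#include <cctype>
#include <string>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

// Assumed policy: 1..64 chars, ASCII letters, digits, '_' or '-', and no
// leading '-' so the script cannot mistake the name for an option.
bool isSafeDeviceName(const std::string& name) {
    if (name.empty() || name.size() > 64 || name[0] == '-') return false;
    for (unsigned char c : name)
        if (!std::isalnum(c) && c != '_' && c != '-') return false;
    return true;
}

// Runs `path action deviceName` without a shell. Returns the script's exit
// status (127 if exec failed), or -1 if the name is rejected or
// fork/waitpid fails.
int runScriptSafely(const std::string& path, const std::string& action,
                    const std::string& deviceName) {
    if (!isSafeDeviceName(deviceName)) return -1;

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        // Each value is its own argv element; nothing is parsed by /bin/sh.
        char* const argv[] = { const_cast<char*>(path.c_str()),
                               const_cast<char*>(action.c_str()),
                               const_cast<char*>(deviceName.c_str()),
                               nullptr };
        execv(path.c_str(), argv);
        _exit(127);  // exec failed
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main() {
    // Constructed inputs: a plain name and one carrying shell metacharacters.
    bool ok = runScriptSafely("/bin/true", "connect", "WM5-Phone") == 0
           && runScriptSafely("/bin/true", "connect", "x; id") == -1;
    return ok ? 0 : 1;
}
```

The allow-list and the shell-free exec are independent layers: execv() alone stops shell interpretation, while the name check also protects the invoked script if it later passes the name to a shell itself.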