ID CVE-2004-0331
Summary Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows remote attackers to cause a denial of service (crash) via a HTTP POST with a long application variable.
References
Vulnerable Configurations
  • Dell OpenManage 3.2
    cpe:2.3:a:dell:openmanage:3.2
  • Dell OpenManage 3.4
    cpe:2.3:a:dell:openmanage:3.4
  • Dell OpenManage 3.7
    cpe:2.3:a:dell:openmanage:3.7
  • Dell OpenManage 3.7.1
    cpe:2.3:a:dell:openmanage:3.7.1
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
metasploit via4
description This module exploits a heap overflow in the Dell OpenManage Web Server (omws32.exe), versions 3.2-3.7.1. The vulnerability exists due to a boundary error within the handling of POST requests, where the application input is set to an overly long file name. This module will crash the web server, however it is likely exploitable under certain conditions.
id MSF:AUXILIARY/DOS/HTTP/DELL_OPENMANAGE_POST
last seen 2019-03-12
modified 2017-11-08
published 2009-06-23
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/dell_openmanage_post.rb
title Dell OpenManage POST Request Heap Overflow (win32)
refmap via4
bid 9750
bugtraq 20040226 Dell OpenManage Web Server Heap Overflow (Pre-Auth)
misc http://sh0dan.org/files/domadv.txt
xf dell-openmanage-ocsgetoeminpathfile-bo(15325)
Last major update 17-10-2016 - 22:44
Published 23-11-2004 - 00:00
Last modified 10-07-2017 - 21:30
Back to Top