Desktop Management Interface (DMI)
Anyone scanning a Sun Solaris box for RPC services can usually expect a number of them to be running and available. Some of the services such as status or rquotad are well documented and well known, so researching their purpose and functions is trivial. But writing client operations for some programs can be easier than others, such as DMI.

DMI stands for Desktop Management Interface, a specification to establish a framework that handles communication between management software and managed components. DMI can be used locally or remotely through RPC and is mappable to other management protocols such as SNMP.

DMI has four components.

1. MIF (Management Information Format): Describes management information.
2. SP (Service Provider): Connects the management software and managed components.
3. CI (Component Interface): API to enable a component to be managed.
4. MI (Management Interface): API to manage components.

A couple of RPC services that employ DMI on Solaris are dmispd and snmpXdmid. For a description of dmispd, I will quote from its manpages...

"The DMI Service Provider, dmispd, is the core of the DMI solution. Management applications and Component instrumentations communicate with each other through the Service Provider. The Service Provider coordinates and arbitrates requests from the management application to the specified component instrumentations. The Service Provider handles runtime management of the Component Interface (CI) and the Management Interface (MI), including component installation, registration at the MI and CI level, request serialization and synchronization, event handling for CI, and general flow control and housekeeping."

And the same for snmpXdmid..

"The snmpXdmid utility is a subagent in the Solstice Enterprise Agent Desktop Management Interface package. It maps the SNMP requests forwarded by the Master Agent (snmpdx(1M)) into one or more equivalent DMI requests. Further, it remaps the DMI response into SNMP response back to snmpdx."
When I was writing modules for dmispd and snmpXdmid in my RPC fuzzer, I couldn't find much documentation, so I had to gather information from various resources and put it all together. I'd like to thank open source developers for their code that was so helpful too. Researching the protocols and using the information I found enabled me to write the modules and fuzz dmispd and snmpXdmid.

dmispd program number 300598
dmispd program version 1
dmispd procedures

REGISTER 512
UNREGISTER 513
GETVERSION 514
GETCONFIG 515
SETCONFIG 516
LISTCOMPONENTS 517
LISTCOMPONENTSBYCLASS 518
LISTLANGUAGES 519
LISTCLASSNAMES 520
LISTGROUPS 521
LISTATTRIBUTES 522
ADDROW 523
DELETEROW 524
GETMULTIPLE 525
SETMULTIPLE 526
ADDCOMPONENT 527
ADDLANGUAGE 528
ADDGROUP 529
DELETECOMPONENT 530
DELETELANGUAGE 531
DELETEGROUP 532
GETATTRIBUTE 533
SETATTRIBUTE 534

Rather odd procedure call numbers. They are usually lower ranges like 1-5, etc.

snmpXdmid program number 100249
snmpXdmid program version 1
snmpXdmid procedures

DELIVEREVENT 256
ADDCOMPONENT 257
UNKNOWN 258
UNKNOWN 259
UNKNOWN 260
UNKNOWN 261
UNKNOWN 262
UNKNOWN 263

UNKNOWN procedures are those for which I couldn't find names.

During fuzzing, I found an issue that is reproducible in both dmispd and snmpXdmid, allowing a remote user to consume resources on the whole system. Calling ADDROW and sending data (in a loop or not, doesn't matter) to dmispd causes the process to consume resources and temporarily freeze the system. DELETEROW and DELETELANGUAGE also have the same issue. You can check out camisado.c if you are interested. SnmpXdmid also suffers from the same issue with ADDCOMPONENT and all the other procedures that are valid and I have tested. If you'd like to test snmpXdmid, just reuse the code for dmispd.

This issue is nothing special, but I figure the code and research could help others that are interested in DMI, RPC, and security. Plus, I like seeing code do unexpected or unintended things.

If you happen to see any errors or have more information on DMI and DMI related research, I would appreciate it if you would let me know. I try to make sure all information is as accurate as possible, but mistakes can happen from time to time.
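For defenders, the program and procedure numbers listed above are enough to recognise DMI calls on the wire. The following is an added example, not code from the original post and not camisado.c: it decodes the ONC RPC call header (RFC 5531) from captured payloads and reports calls to the procedures the post names. The helper names, sample packets and addresses are constructed for illustration.

```python
import struct

# Program and procedure numbers as listed in the post (version 1 for both).
DMISPD, SNMPXDMID = 300598, 100249
NAMES = {DMISPD: "dmispd", SNMPXDMID: "snmpXdmid"}
PROCS = {
    DMISPD: dict(enumerate("""REGISTER UNREGISTER GETVERSION GETCONFIG SETCONFIG
        LISTCOMPONENTS LISTCOMPONENTSBYCLASS LISTLANGUAGES LISTCLASSNAMES
        LISTGROUPS LISTATTRIBUTES ADDROW DELETEROW GETMULTIPLE SETMULTIPLE
        ADDCOMPONENT ADDLANGUAGE ADDGROUP DELETECOMPONENT DELETELANGUAGE
        DELETEGROUP GETATTRIBUTE SETATTRIBUTE""".split(), start=512)),
    SNMPXDMID: {256: "DELIVEREVENT", 257: "ADDCOMPONENT"},
}
# Procedures the post names as triggering the resource consumption. It says
# other snmpXdmid procedures behave the same but does not name them.
REPORTED = {DMISPD: {523, 524, 531}, SNMPXDMID: {257}}


def classify_rpc_call(payload, tcp=False):
    """Return (service, procedure, reported) for a DMI RPC call, else None."""
    if tcp:
        payload = payload[4:]  # skip the RFC 5531 record-marking word
    if len(payload) < 24:
        return None
    _xid, msg_type, rpcvers, prog, _vers, proc = struct.unpack(">6I", payload[:24])
    if msg_type != 0 or rpcvers != 2 or prog not in PROCS:  # 0 = CALL
        return None
    return NAMES[prog], PROCS[prog].get(proc, "UNKNOWN"), proc in REPORTED[prog]


def make_call(prog, proc, msg_type=0):
    """Constructed sample: RPC header with empty AUTH_NONE cred and verifier."""
    return struct.pack(">10I", 1, msg_type, 2, prog, 1, proc, 0, 0, 0, 0)


# Constructed capture: (source address, payload, carried over TCP?)
SAMPLES = [
    ("192.0.2.10", make_call(DMISPD, 514), False),
    ("192.0.2.66", make_call(DMISPD, 523), False),
    ("192.0.2.66", b"\x80\x00\x00\x28" + make_call(SNMPXDMID, 257), True),
    ("192.0.2.10", make_call(100003, 1), False),                # NFS, ignored
    ("192.0.2.66", make_call(DMISPD, 523, msg_type=1), False),  # not a CALL
]


def scan(samples):
    """Return (src, service, procedure) for calls to the reported procedures."""
    results = ((src, classify_rpc_call(p, tcp)) for src, p, tcp in samples)
    return [(src, r[0], r[1]) for src, r in results if r and r[2]]
```

The TCP path assumes each payload holds one complete RPC record; reassemble the stream first when working from raw segments.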
Latest articles from the site "Jeremy's Computer Security Blog":
- What did they fix
- Adobe Flash Temporary Filename Scheme
- Reverse Engineering File Formats
- Browser Fuzzer 3
- Writing Code that Breaks Code
- Mozilla Code sighs
- From Static Analysis to 0day Exploit
- Some vendors are 'unconcerned'
- Firefox Local Download Manager Vulnerability
- Desktop Management Interface DMI