Remote Exploit (Bug) in OmniHTTPd Web Server

From: Valentin Perelogin (viktorat_private)
Date: Fri Jun 04 1999 - 23:53:51 PDT


    Hi all,
    The exploit (bug) will make temp files on the server until the server's
    HDD is full.
    And anyone can do it remotely.
    By default visadmin.exe (Visitor Administrator) is in the cgi-bin directory.
    
    What you need to do is type this URL:
    http://omni.server/cgi-bin/visadmin.exe?user=guest
    That's all. Now in some minutes the server's HDD is full!!
    
    Fix: Remove visadmin.exe from the cgi-bin directory.
    
    Valentin Perelogin
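
An added example, not part of the original post: a log check that counts, per client, requests that reach visadmin.exe, normalising case, percent-encoding and slashes before matching so that variant spellings of the URL are not missed. The Common Log Format, the function names and the sample log lines are assumptions constructed here; the page does not show OmniHTTPd's own log format.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Assumption: the access log uses Common Log Format.
CLF = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
CGI_NAME = "visadmin.exe"  # the CGI named in the post

def normalise(target):
    """Reduce a request target to a canonical lower-case path."""
    path = target.split("?", 1)[0]                # drop the query string
    path = re.sub(r"^[a-zA-Z]+://[^/]*", "", path)  # absolute-form request URL
    for _ in range(3):                            # undo nested percent-encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/")                # Windows path separators
    path = re.sub(r"/+", "/", path)               # collapse duplicate slashes
    return path.lower()                           # Windows names ignore case

def requests_visadmin(target):
    """True when any path segment is exactly visadmin.exe."""
    return CGI_NAME in normalise(target).split("/")

def visadmin_hits(lines):
    """Count matching requests per client address."""
    hits = Counter()
    for line in lines:
        m = CLF.match(line)
        if m and requests_visadmin(m.group("target")):
            hits[m.group("client")] += 1
    return hits

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Jun/1999:23:10:01 -0700] "GET /cgi-bin/visadmin.exe?user=guest HTTP/1.0" 200 512',
    '192.0.2.10 - - [04/Jun/1999:23:10:02 -0700] "GET /CGI-BIN/VisAdmin.EXE?user=guest HTTP/1.0" 200 512',
    '198.51.100.7 - - [04/Jun/1999:23:11:40 -0700] "GET /cgi-bin/vis%61dmin.exe?user=guest HTTP/1.0" 200 512',
    '198.51.100.7 - - [04/Jun/1999:23:11:45 -0700] "GET /index.html HTTP/1.0" 200 1043',
    '203.0.113.5 - - [04/Jun/1999:23:12:09 -0700] "GET /docs/visadmin.exe.txt HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for client, count in visadmin_hits(SAMPLE_LOG).most_common():
        print(f"{client}\t{count} request(s) to {CGI_NAME}")
```

Any hit after the file has been removed from cgi-bin is worth a look at the response status, since a 200 means a copy is still being served.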
    


