-------------------------------------------------------------------
Periodically, the moderator of the vuln-dev mailing list will post summaries of issues discussed there to Bugtraq and possibly other relevant lists. This will usually happen when an issue has been resolved, or it appears that there will be no further discussion on vuln-dev. Each separate issue will be given its own posting to facilitate referencing them separately, for discussion, forwarding, or appearance in vulnerability databases.

To subscribe to vuln-dev, send an e-mail to listservat_private, with the word SUBSCRIBE in the body of the message.

A FAQ and archive can be found at www.securityfocus.com-->forums-->vuln-dev (click on these sections, the web pages are forms-based.)
-------------------------------------------------------------------

There have been some other interesting problems in relation to the Alibaba web server mentioned on Bugtraq already. This was brought up earlier on vuln-dev, and there is also some information about what Alibaba is, and how widely it is used.

From: http://www.securityfocus.com/templates/archive.pike?list=82&date=1999-10-22&msg=199910281536.RAA18018at_private

To: Exploit-Dev
Subject: Possibly exploitable overflow in Alibaba 2.0
Date: Thu Oct 28 1999 10:57:43
Author: Thomas Dullien
Message-ID: <199910281536.RAA18018at_private>

Hello all together,

Tried a little freeware webserver named Alibaba 2.0 today and found an exploitable overflow. I telnetted to 127.0.0.1:80 and crashed it using

    POST [enter 1028 'x'] / HTTP/1.0

From a disassembled listing I found that it uses a

    scanf("%s %s %s", szName, szFile, szSomething);

where szFile is a local variable of 0x400 (=1024) bytes on the stack directly above the return address. Coding an exploit for this is going to be a little tricky as it mustn't have any 0x20, 0x00, 0x61-0x7A in it since these bytes are changed by the foregoing function that converts everything into uppercase.

I contacted the authors but they stated since it's freeware there will be no support to it :)

If someone wants to code a full exploit, go ahead :)

--------------------------------------------------

As we've seen from other Bugtraq posts, this product seems fully broken. Here's more info.

From: http://www.securityfocus.com/templates/archive.pike?list=82&date=1999-10-29&msg=381B084A.E37193CEat_private

To: Exploit-Dev
Subject: Re: Possibly exploitable overflow in Alibaba 2.0
Date: Sat Oct 30 1999 07:01:30
Author: Blue Boar
Message-ID: <381B084A.E37193CEat_private>

http://www.csm-usa.com/product/alibaba/
"Connect With Confidence !!"

http://www.netcraft.com/whats/?host=www.csm-usa.com%3A80
(Says it's running Alibaba 3.0)

Links to sites running Alibaba:
http://www.netcraft.com/survey/Reports/9909/byserver/Alibaba/index.html

I have a real problem with a company releasing a (potentially) insecure product, and then crying "freeware" and refusing to release a fix, source, etc...

------------------------------------------

Looking back, minus the rest of the thread, my message is a bit terse. Alibaba is a web server that runs on Windows 9x and NT. The current version that I can see on their web site is 2.0, though you'll notice they themselves run something that identifies itself as 3.0. Netcraft will give you a list of web servers running Alibaba. In .com and .net, there were just over 500.

This is a closed-source Windows program. You can't fix it, and they won't fix it.

I can't help but be reminded of a Far Side cartoon I like. It shows various dangerous animals, such as a blowfish, and a rattlesnake. In one corner of the cartoon is a guy wearing a boot on his head, with an inner-tube around his middle, holding a rocket launcher. The caption is "Nature's way of saying 'don't touch'".

BB

P.S. One of the list members suggested "attacking" vulnerable sites with a patch if one can be hacked together.
I certainly can't condone that, but it makes me chuckle.
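
------------------------------------------

Added example, not part of either posting and not Alibaba's code: a bounded replacement for the scanf("%s %s %s", ...) request-line parse described in the first message, which rejects an overlong field instead of writing past the 0x400-byte buffer. All function and constant names are hypothetical; only the 1024-byte size comes from the post, and the input is constructed.

```c
#include <stdio.h>
#include <string.h>

#define METHOD_MAX  16
#define PATH_LEN    1024   /* same size as the 0x400-byte szFile in the post */
#define VERSION_MAX 16
enum { PARSE_OK = 0, PARSE_MALFORMED = -1, PARSE_TOO_LONG = -2 };

/* Copy one whitespace-delimited token into dst (cap bytes including the NUL).
 * Overlong tokens are rejected, not truncated: a width such as %1023s stops
 * the overflow but silently spills the excess bytes into the next field. */
static int next_token(const char **cur, char *dst, size_t cap)
{
    const char *p = *cur + strspn(*cur, " \t");
    size_t len = strcspn(p, " \t\r\n");
    if (len == 0)   return PARSE_MALFORMED;
    if (len >= cap) return PARSE_TOO_LONG;
    memcpy(dst, p, len);
    dst[len] = '\0';
    *cur = p + len;
    return PARSE_OK;
}

/* Parse "METHOD PATH VERSION"; anything after the third token is an error. */
int parse_request_line(const char *line, char *method, char *path, char *version)
{
    int rc;
    if ((rc = next_token(&line, method, METHOD_MAX)) != PARSE_OK) return rc;
    if ((rc = next_token(&line, path, PATH_LEN)) != PARSE_OK) return rc;
    if ((rc = next_token(&line, version, VERSION_MAX)) != PARSE_OK) return rc;
    return line[strspn(line, " \t\r\n")] == '\0' ? PARSE_OK : PARSE_MALFORMED;
}

/* Constructed input: "POST " + n 'x' bytes + " HTTP/1.0"; returns the verdict. */
int verdict_for_path_len(size_t n)
{
    static char line[2048];
    char m[METHOD_MAX], p[PATH_LEN], v[VERSION_MAX];
    if (n > sizeof line - 16) return PARSE_MALFORMED;
    memcpy(line, "POST ", 5);
    memset(line + 5, 'x', n);
    strcpy(line + 5 + n, " HTTP/1.0");
    return parse_request_line(line, m, p, v);
}

int main(void)
{
    printf("1023 -> %d, 1028 -> %d\n", verdict_for_path_len(1023), verdict_for_path_len(1028));
    return 0;
}
```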