From: Nate Haggard <nateat_private> Date: Wed, 22 Aug 2001 16:51:45 -0600 Aolserver 3.0 will crash when it is given a long authorization string. It is also possible this vulnerability will allow a hacker to execute arbitrary code through a buffer overflow. I have not verified a buffer overflow exists. Aolserver 3.4 and 3.3.1 are not vulnerable to this attack. AOLserver 3.2 is also vulnerable (Red Hat 6.0++, kernel 2.2.19). Here is a sample exploit ------------------------------------------ . . . $killme = "GET / HTTP/1.0\nAuthorization: Basic ".$junk."\r\n\r\n"; . . . Shouldn't this be $killme = "GET / HTTP/1.0\r\nAuthorization: Basic ".$junk."\r\n\r\n"; instead? Doesn't matter, though; it seems to make AOLserver hang either way. -- Bob Rogers
This archive was generated by hypermail 2b30 : Thu Aug 23 2001 - 07:39:23 PDT