AOLserver 3.0 vulnerability

From: Bob Rogers (rogers-bugtraqat_private)
Date: Thu Aug 23 2001 - 05:55:00 PDT

Next message: KF: "Re: AOLserver 3.0 vulnerability"

Previous message: Michael Kjorling: "Re: Another sendmail exploit [local root compromise]"
In reply to: Nate Haggard: "AOLserver 3.0 vulnerability"
Next in thread: KF: "Re: AOLserver 3.0 vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

   From: Nate Haggard <nateat_private>
   Date: Wed, 22 Aug 2001 16:51:45 -0600

   Aolserver 3.0 will crash when it is given a long authorization string.  It 
   is also possible this vulnerability will allow a hacker to execute 
   arbitrary code through a buffer overflow. I have not verified a buffer 
   overflow exists.  Aolserver 3.4 and 3.3.1 are not vulnerable to this attack.

AOLserver 3.2 is also vulnerable (Red Hat 6.0++, kernel 2.2.19).

   Here is a sample exploit
   ------------------------------------------
   . . .
   $killme = "GET / HTTP/1.0\nAuthorization: Basic ".$junk."\r\n\r\n";
   . . .

Shouldn't this be

   $killme = "GET / HTTP/1.0\r\nAuthorization: Basic ".$junk."\r\n\r\n";

instead?  Doesn't matter, though; it seems to make AOLserver hang either
way.

					-- Bob Rogers

Next message: KF: "Re: AOLserver 3.0 vulnerability"
Previous message: Michael Kjorling: "Re: Another sendmail exploit [local root compromise]"
In reply to: Nate Haggard: "AOLserver 3.0 vulnerability"
Next in thread: KF: "Re: AOLserver 3.0 vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Aug 23 2001 - 07:39:23 PDT