-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pi3Web Webserver v2.0 Buffer Overflow Vulnerability Type: DoS, crashes Daemon Release Date: January 14, 2002 Product / Vendor: Pi3Web is a free, multithreaded, highly configurable and extensible HTTP server and development environment for cross platform internet server development and deployment. http://pi3web.sourceforge.net Summary: Server crashes after sending very long cgi parameter a few times. http://host/cgi-bin/hello.exe.....<224 char>...... The instruction at "0x77fcc1df" referenced memory at "0x009946c0". The memory could not be "read". Tested: Windows 2000 / PiWeb v2.0 Vulnerable: Pi3Web v2.0 (And may be other) Disclaimer: http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory. Author: Tamer Sahin tsat_private http://www.securityoffice.net Tamer Sahin http://www.securityoffice.net PGP Key ID: 0x2B5EDCB0 Fingerprint: B96A 5DFC E0D9 D615 8D28 7A1B BB8B A453 2B5E DCB0 -----BEGIN PGP SIGNATURE----- Version: PGP 7.1 iQA/AwUBPEIRlruLpFMrXtywEQLrmwCeKWYcTxIlPERxzY+jA8m3v/boFXAAn1En AuKA4zylpjqVVkGZdHiuILSt =zVHB -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Mon Jan 14 2002 - 13:21:41 PST