4D 6.7 DOS and Buffer Overflow Vulnerability

From: Alfred Goldberg (agoldbergat_private)
Date: Tue Jun 18 2002 - 09:59:54 PDT


    Vulnerability Summary
    ---------------------
    Problem: 	The 4D 6.7 webserver has a buffer overflow condition.
    
    Threat:	An attacker could make the webserver crash and possibly execute
    arbitrary code.
    
    Affected Software:	4D Webserver version 6.7.3 verified.
    
    Platform:	 Windows verified.
    
    Solution:	Update to the version mentioned below.
    
    
    Vulnerability Description
    -------------------------
    The 4D webserver is unable to handle long HTTP requests. A long request
    overflows a buffer, which terminates the 4D application.
    
    Solution
    --------
    4D 6.8 seems to have addressed this problem.
    
    Additional Information
    ----------------------
    4D was contacted on 20020606 but did not reply.
    
    This vulnerability was found and researched by
    Dumitru Vlad
    


