Foundstone Advisory - Buffer Overflow in MyWebServer (fwd)

From: Dave Ahmad (daat_private)
Date: Mon Jul 08 2002 - 14:59:27 PDT

Next message: Dave Aitel: "Re: UnBodyGuard a.k.a Bouncer (Solaris kernel function hijacking) (fwd)"

Previous message: Matthew Murphy: "Technical Details of Urlcount.cgi Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---------- Forwarded message ----------
Return-Path: <labsat_private>
Delivered-To: daat_private
Received: (qmail 7643 invoked from network); 8 Jul 2002 21:57:16 -0000
Received: from unknown (HELO mission.foundstone.com) (66.192.0.2)
  by mail.securityfocus.com with SMTP; 8 Jul 2002 21:57:16 -0000
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: Foundstone Advisory - Buffer Overflow in MyWebServer
Date: Mon, 8 Jul 2002 15:03:44 -0700
Message-ID: <9DC8A3D37E31E043BD516142594BDDFAC475B2at_private>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Foundstone Advisory - Buffer Overflow in MyWebServer
Thread-Index: AcImy1QmoQ4mhAPnTnaAiGRmcRu0VQ==
From: "Foundstone Labs" <labsat_private>
To: <daat_private>

----------------------------------------------------------------------
FS Advisory ID:                 FS-070302-24-MWSX

Release Date:                   July 3rd, 2002

Product:                        MyWebServer

Vendor:                         MyWebServer (http://www.mywebserver.org)

Vendor Advisory:                See vendor web site

Type:                           Buffer Overflow

Severity:                       High

Author:                         Robin Keir (robin.keirat_private)
                                Foundstone, Inc.
                                (http://www.foundstone.com)

Operating Systems:              Windows variants

Vulnerable versions:            MyWebServer v1.02 and previous

Foundstone Advisory:            http://www.foundstone.com/advisories.htm
---------------------------------------------------------------------

Description

A buffer overflow exists in versions 1.02 and previous of MyWebServer.
Exploitation of this vulnerability allows remote execution of arbitrary
code
with daemon privileges.

Details

Sending a GET request containing a URL of approx. 1000 characters or
more causes
MyWebServer to crash.  Exploitation is possible and proof of concept
code has been
authored demonstrating this problem.

Solution:

Refer to the vendor's web site for further details:
http://www.mywebserver.org

Disclaimer:

The information contained in this advisory is copyright (c) 2002
Foundstone, Inc. and is believed to be accurate at the time of
publishing, but no representation of any warranty is given,
express, or implied as to its accuracy or completeness. In no
event shall the author or Foundstone be liable for any direct,
indirect, incidental, special, exemplary or consequential
damages resulting from the use or misuse of this information.
This advisory may be redistributed, provided that no fee is
assigned and that the advisory is not modified in any way.

Next message: Dave Aitel: "Re: UnBodyGuard a.k.a Bouncer (Solaris kernel function hijacking) (fwd)"
Previous message: Matthew Murphy: "Technical Details of Urlcount.cgi Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jul 08 2002 - 15:13:01 PDT