ALERT: Working Resources BadBlue #2 (DoS, Heap Overflow)

From: Matthew Murphy (mattmurphyat_private)
Date: Mon Jul 08 2002 - 20:36:34 PDT

    ALERT: Working Resources BadBlue #2
    Vendor Notified: July 8, 2002
    
    Working Resources have been informed of a
    pair of denial of service conditions in
    the BadBlue PWS.
    
    The first vulnerability lies in the way a
    GET request is handled.  A specially
    crafted GET request can crash the target
    server.
    
    Also, a remotely exploitable overflow was
    found in an ISAPI that ships with the
    server.  Exploitation of this vulnerability
    will cause an access violation, and does
    not seem to allow code execution.
    
    Additional technical details will be made
    available as fixes are released for the
    vulnerabilities in question.
    
    Alert Published July 8, 2002
    
    "The reason the mainstream is thought
    of as a stream is because it is
    so shallow."
                         - Author Unknown
    



    This archive was generated by hypermail 2b30 : Tue Jul 09 2002 - 11:22:15 PDT