GoAhead WebServer Remote Arbitrary Command Execution Vulnerability
Solution: An unofficial source code fix has been provided. SecurityFocus has not tested the provided third-party fix.
diff -u ws212-020612/default.c ws212-020612gby/default.c
--- ws212-020612/default.c Wed Jun 12 19:38:48 2002
+++ ws212-020612gby/default.c Wed Jun 19 16:34:24 2002
@@ -204,9 +204,11 @@
  * is bad.
  */
+#define MAXDIRPATH (64)
+
 int websValidateUrl(webs_t wp, char_t *path)
 {
-	char_t *parts[64];		/* Array of ptr's to URL parts */
+	char_t *parts[MAXDIRPATH];	/* Array of ptr's to URL parts */
 	char_t *token, *dir, *lpath;
 	int i, len, npart;
@@ -241,7 +243,11 @@
 	} else if (gstrcmp(token, T(".")) != 0) {
 		parts[npart] = token;
 		len += gstrlen(token) + 1;
-		npart++;
+		if(++npart >= MAXDIRPATH) {
+			/* Damn script kitties... */
+			bfree(B_L, path);
+			return -1;
+		}
 	}
 	token = gstrtok(NULL, T("/"));
 }
--- Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>. |
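Review bot: The bound in the second hunk is tested only after `parts[npart] = token` has already been stored, so it depends on `>=` to stay one slot ahead of the array; testing before the store, `if (npart >= MAXDIRPATH) { bfree(B_L, path); return -1; }` followed by `parts[npart++] = token;`, makes the invariant `npart < MAXDIRPATH` visible at the write and still accepts a full 64 components. The `bfree(B_L, path)` on the new early-return path is only correct if `path` at this point is a function-local copy rather than the caller's argument; the allocation is not in the hunk, so it should be confirmed against the function's other return paths before this is merged. The added comment `/* Damn script kitties... */` says nothing about why the branch exists; `/* Too many path components for parts[]: reject rather than overflow */` would. The body of websValidateUrl begins before this hunk and continues after it.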