• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

cgihtml Signed Integer Content-Length Memory Corruption Vulnerability

A vulnerability has been discovered in cgihtml which may result in memory corruption. The problem occurs due to a signed Content-Length value. By passing a negative Content-Length value in an HTTP POST request it is possible to trick the function into allocating insufficient memory. When the POST data is read from the user, heap memory will be overwritten causing the process to crash.

Although not yet confirmed it may be possible to exploit this vulnerability to execute arbitrary instructions.