The TelCondex SimpleWebserver 2.12.30210 Build 3285 is vulnerable to a
remote executable buffer overflow, due to missing length check on the
referer-variable of the HTTP-header.
It is possible to overwrite the stack, and therefore to execute
arbitrary code on the system.
The vuln can be tested with netcat or telnet:
netcat webserver 80
GET /index.htm HTTP/1.0\r\n
Referer: 700 x [A]\r\n\r\n
The Webserver crashes at >= 700 bytes. A buffer of 704 bytes will overwrite
the return address on the stack.
The vendor was informed about the vuln on Mon. 27.10.03, and respondet
on Tue. 28.10.03 with a fixed version!
=========================================
The TelCondex SimpleWebserver 2.12.30210 Build 3285 is vulnerable to a
remote executable buffer overflow, due to missing length check on the
referer-variable of the HTTP-header.
It is possible to overwrite the stack, and therefore to execute
arbitrary code on the system.
The vuln can be tested with netcat or telnet:
netcat webserver 80
GET /index.htm HTTP/1.0\r\n
Referer: 700 x [A]\r\n\r\n
The Webserver crashes at >= 700 bytes. A buffer of 704 bytes will overwrite
the return address on the stack.
The vendor was informed about the vuln on Mon. 27.10.03, and respondet
on Tue. 28.10.03 with a fixed version!
The new (fixed) version (2.13) is available at:
http://www.yourinfosystem.de/download/TcSimpleWebServer2000Setup.exe
Regards,
Oliver Karow
email: oliver.karow_AT_gmx.de
web: www.oliverkarow.de
--
NEU FÜR ALLE - GMX MediaCenter - für Fotos, Musik, Dateien...
Fotoalbum, File Sharing, MMS, Multimedia-Gruß, GMX FotoService
Jetzt kostenlos anmelden unter http://www.gmx.net
+++ GMX - die erste Adresse für Mail, Message, More! +++
[ reply ]