HTTP Fetcher Library Multiple Buffer Overflow Vulnerabilities

Multiple vulnerabilities have been discovered in the HTTP Fetcher library. The issues occur when the http_fetch() function is used to copy various HTTP data. By supplying excessive data in various user-supplied parameters, it is possible to trigger several overflow conditions.

Successful exploitation of one of these vulnerabilities may allow an attacker to seize control of an application linked to the library. By overwriting the function's instruction pointer, it may be possible to execute arbitrary commands.

This issue may be exploitable only if the client application is accessible remotely through a proxy server, for instance a server that allows a client to make GET requests from other servers.
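
The following C example is added here and is not code from the HTTP Fetcher library: it shows the length-checked copying that an application exposed in this way can apply to a client-supplied URL before passing it to a fetch routine, rejecting oversized components instead of copying them. The names split_url, copy_bounded and url_accepted, the buffer sizes and the sample URLs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define HOST_MAX 256        /* hypothetical limits, not taken from */
#define URLPATH_MAX 1024    /* the HTTP Fetcher source */

/* Bounded copy: fails instead of truncating or overflowing. */
static int copy_bounded(char *dst, size_t dst_size, const char *src, size_t len)
{
    if (len >= dst_size)            /* need room for the terminating NUL */
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Split "http://host/path"; returns 0, or -1 if malformed or oversized. */
int split_url(const char *url, char *host, size_t host_size,
              char *path, size_t path_size)
{
    const char *h, *slash;
    size_t host_len;
    if (url == NULL || strncmp(url, "http://", 7) != 0)
        return -1;
    h = url + 7;
    slash = strchr(h, '/');
    host_len = slash ? (size_t)(slash - h) : strlen(h);
    if (host_len == 0 || copy_bounded(host, host_size, h, host_len) != 0)
        return -1;
    if (slash == NULL)              /* no path given: request "/" */
        return copy_bounded(path, path_size, "/", 1);
    return copy_bounded(path, path_size, slash, strlen(slash));
}

/* Returns 1 if the URL fits the fixed buffers, 0 if it is rejected. */
int url_accepted(const char *url)
{
    char host[HOST_MAX], path[URLPATH_MAX];
    return split_url(url, host, sizeof host, path, sizeof path) == 0;
}

int main(void)
{
    char big[4100] = "http://";     /* constructed oversized input */
    memset(big + 7, 'A', 4000);     /* 4000-byte host component */
    printf("normal URL accepted: %d\n", url_accepted("http://example.com/a"));
    printf("oversized accepted:  %d\n", url_accepted(big));
    return 0;
}
```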


Copyright 2010, SecurityFocus