| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: mattmurphy at kc.rr.com (Matthew Murphy) Subject: Moby NetSuite POST Denial of Service Vulnerability Advisory: Moby NetSuite POST Denial of Service Vulnerability Moby NetSuite is an HTTP/SMTP package designed for simplicity. It supports CGI, including POST form submissions. A vulnerability in the POST handler could lead to denial of service against the server. When faced with a POST request, NetSuite allocates a buffer according to the incoming Content-Length header, reads in that number of bytes, and passes them on as the CGI process' STDIN stream. The value for the number of bytes read is returned from an atoi() call. When the header's value is too large to fit in an integer value, or is not numeric, the atoi() library call leaves the variable in its previous state. In this case, the variable is undefined, as it has no data before the length is determined. An sprintf() call that occurs while creating the CGI environment for the child then attempts to read the undefined data, resulting in an access violation. Restart of services is required to regain normal functionality. Example: [Begin Session] POST /cgi-bin/test.cgi HTTP/1.0 Content-Length: 111111111111111111111111111 A [End Session] NetSuite crashes within seconds with an access violation: illegal use of un-initialized data variable. http://www.techie.hopto.org/bug.php?2002-48 (Write-Up) http://www.techie.hopto.org/exploits.php?moby (Exploit code in HTML form) http://www.techie.hopto.org/getexpl.php?moby (Exploit code in downloadable form)
Powered by blists - more mailing lists