Message-ID: <0ae801c33a9f$14a90c60$1b01010a@r00t3d.net>
Date: Tue, 24 Jun 2003 15:22:21 -0700
From: "Mark Litchfield" <mark@...software.com>
To: <bugtraq@...urityfocus.com>
Subject: Remote Buffer Overrun WebAdmin.exe

NGSSoftware Insight Security Research Advisory

Name: Remote System Buffer Overrun WebAdmin.exe
Systems Affected: Windows
Severity: High Risk
Category: Buffer Overrun
Vendor URL: http://www.altn.com/
Author: Mark Litchfield (mark@...software.com)
Date: 24th June 2003
Advisory number: #NISR2406-03


Description
***********

WebAdmin allows administrators to securely manage MDaemon, RelayFax, and
WorldClient from anywhere in the world.

Details
*******

There is a remotely exploitable buffer overrun in the USER parameter.

By default the webadmin.exe process is started as a system service.  Any
code being passed to the server by an attacker as a result of this buffer
overrun would therefore (based on a default install) execute with system
privileges.

POST /WebAdmin.dll?View=Logon HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Referer: http://ngssoftware.com:1000/
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: MyUser Agent
Host: NGSSoftware.com
Content-Length: 74
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: User=NGSSOFTWARE; Lang=en; Theme=Standard

User=LONGSTRING&Password=foo&languageselect=en&Theme=Heavy&Logon=Sign+In

Fix Information
***************

NGSSoftware alerted ALTN to these issues on the 19th of June 2003.
A patch has now been made available from
ftp://ftp.altn.com/WebAdmin/Release/wa205_en.exe

A check for these issues has been added to Typhon III, of which more
information is available from the
NGSSoftware website, http://www.ngssoftware.com

Further Information
*******************

For further information about the scope and effects of buffer overflows,
please see

http://www.ngssoftware.com/papers/non-stack-bo-windows.pdf
http://www.ngssoftware.com/papers/ntbufferoverflow.html
http://www.ngssoftware.com/papers/bufferoverflowpaper.rtf
http://www.ngssoftware.com/papers/unicodebo.pdf
