lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 12 Sep 2003 06:58:29 -0700
From: "Moran" <moran@...zatech.com>
To: <bugtraq@...urityfocus.com>, <vuln-dev@...urityfocus.com>
Subject: Moozatech: MyServer Buffer Overflow vulnerability

12/09/03

Moozatech Advisory		http://www.moozatech.com/mt-12-09-2003.txt

-------------------------------------------------------

Application: MyServer Web Server
Web Site:    http://myserverweb.sf.net
Versions:    0.4.3 and below
Platform:    Windows98,Windows2000,Linux
Bug:         Buffer Overflow.
Risk:        Remote DOS and unauthorized remote access.
Severity:    High
Fix Available: Yes
-------------------------------------------------------

1) Introduction
2) Bug
3) The Code
4) Fix
5) About Moozatech

===============
1) Introduction
===============

MyServer is a free, powerful web server program designed to be easily run on
a personal
Computer by the average computer user.
It is a multithread application and supports HTTP, CGI, ISAPI, WinCGI and
FastCGI protocols.


======
2) Bug
======

a buffer overflow might allow Remote attacker to invoke malicious code by
submitting a request containing excessive data.
That will cause a buffer overflow and might allow to run code of choice
Under the web server privileges.
The problem is in the MSCGI library (cgi-lib.dll) that doesn’t handle
correctly long
String values for the URI variables.


====================
3) Proof of concept.
====================

nc.exe -v www.victim.com < request.txt

--
The script is attached.
This will crash the program with a memory overflow.


======
4) Fix
======

The author has confirmed this bug and temporary fix is available through
MyServer cvs repository at:
http://myserverweb.sourceforge.net/cvs.php
Complete patch will be available in the next upcoming release of myserver.


==================
5) About Moozatech
==================

Moozatech IT Systems Ltd. (“Moozatech”) is a leading information security
consulting
and project management firm focused on developing
"Secure IT Solutions" which best suit the client's operational needs.
Moozatech devotes time to make a secure computing environment for customers.

-----

Moran Zavdi
Moozatech IT Systems
www.moozatech.com

View attachment "mt-12-09-2003.txt" of type "text/plain" (1929 bytes)

View attachment "request.txt" of type "text/plain" (329 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ