[<prev] [next>] [day] [month] [year] [list]
Message-ID: <007001c3a2a4$28b9fe40$329f8018@youru10ixi0anw>
Date: Mon, 3 Nov 2003 23:20:40 -0800
From: "Tri Huynh" <trihuynh@...up.com>
To: <full-disclosure@...ts.netsys.com>, <bugtraq@...urityfocus.com>
Cc: <bugs@...uritytracker.com>, <news@...uriteam.com>
Subject: Liteserve Buffer Overflow in Handling Server's Log.
Liteserve Buffer Overflow in Handling Server's Log.
=================================================
PROGRAM: Liteserve
HOMEPAGE:http://www.cmfperception.com/liteserve.html
VULNERABLE VERSIONS: 2.2 and below
DESCRIPTION
=================================================
LiteServe is a powerful, full-featured Web, Mail, FTP, and Telnet server.
This server software is perfect for personal websites or commercial sites
with high traffic demands and multiple domains.
DETAILS
=================================================
If LiteServe receives a request with a long file name like this:
GET /aaaaaaaaaaaaaaaaaaaaaa...htm HTTP/1.0 (the number of "a"
must be around 1 to 3 thousands, use a fuzzer like SPike to duplicate the
exploit) will cause a buffer overflow when the webmaster sees the server
log and click on the request using LiteServe interface.
WORKAROUND
=================================================
Don't use the LiteServe Interface to view the server's log. Apply
the patch from vendor.
CREDITS
=================================================
Discovered by Tri Huynh and Baryaley from Sentry Union
DISLAIMER
=================================================
The information within this paper may change without notice. Use of
this information constitutes acceptance for use in an AS IS condition.
There are NO warranties with regard to this information. In no event
shall the author be liable for any damages whatsoever arising out of
or in connection with the use or spread of this information. Any use
of this information is at the user's own risk.
FEEDBACK
=================================================
Please send suggestions, updates, and comments to: trihuynh@...up.com
Content of type "text/html" skipped
Powered by blists - more mailing lists