lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070327184311.kl7ren904c0sow00@webmail.skilltube.com>
Date: Tue, 27 Mar 2007 18:43:11 +0200
From: "skillTube.com" <lists73@...lltube.com>
To: bugtraq@...urityfocus.com
Subject: Buffer Overflow in InterVetions' NaviCopa HTTP server 2.01

Buffer Overflow in InterVetions' NaviCopa HTTP server 2.01

While developing one of our advanced security training modules, we
identified a remotely exploitable buffer overflow vulnerability in the
latest release of InterVetions' HTTP server NaviCopa 2.01. Successful
exploitation of this vulnerability allows an attacker to execute
arbitrary code in the context of the NaviCopa HTTP server. ....

The overflow can be triggered by sending a GET request in the following ways:

GET /cgi-bin/AAAAAAAAAAAAA....
or
GET /cgi/AAAAAAAAAAAAAAAAAA...

The amount of submitted characters depends on the location of the
NaviCopa installation folder. By default (Windows English version), it
resides in the Program Files/NaviCOPA directory. In that case, eip is
overwritten with characters 271 to 274. An exploit for this
vulnerability has been developed and successfully tested against
Windows 2000 Advanced Server, Windows XP SP2 and Windows Vista. Not
surprisingly, ASLR (Address Space Layout Randomization) does not
prevent reliable code execution due to its obvious limitations.

An exploit for the Meatsploit Framework is available on our web site:

http://www.skilltube.com/index.php?option=com_content&task=blogsection&id=3&Itemid=37



Countermeasures:
The vendor was informed on March 23, 2007 and published a patched
version 2 hours later. Great response time!



*******************************************************
Partner program:
If you are interested in learning more about vulnerability research
and exploitation techniques, check out our advanced security training
modules on www.skillTube.com. Are you interested in becoming an author
for skillTube.com? Just get in contact with us.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ