Message-ID: <002701c298e6$7d2a0100$e62d1c41@kc.rr.com>
From: mattmurphy at kc.rr.com (Matthew Murphy)
Subject: Advisory: Webster HTTP Server

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ABSTRACT

Webster HTTP Server is an HTTP/1.0 server written in C++ using Microsoft
Foundation Classes (MFC).  It runs on Windows 95, 98, NT, 2000, Me, and XP
platforms.  It was first published as a sample application in Microsoft
Journal (MSJ).  Multiple security flaws have been identified in Webster that
could allow an attacker to take various actions on the server, ranging from
script execution to complete compromise.

DESCRIPTION

There are three vulnerabilities in Webster, all related to the processing of
malicious requests:

I. Buffer Overrun

There is a security flaw in Webster that allows an attacker to completely
compromise the server.  If given a URI that is 275 characters or longer, the
saved return address will be overwritten.  Execution of arbitrary code is
possible:

http://www.techie.hopto.org/exploits/webster.txt

II. Directory Traversal

A separate security flaw stems from poor path validation.  Webster
will follow '/../' sequences in URL path names, allowing access to files
above the document root.  This vulnerability may be used for further
compromise if security-sensitive files are retrieved (the Windows NT SAM
file, for instance).

http://www.techie.hopto.org/exploits/webster2.txt

III. Cross-site Scripting

Another small vulnerability was uncovered in Webster.  If a path name
containing HTML markup is used, that path will be returned to the browser as
HTML content, enabling zone bypass.

Example: http://websterhost.edu/<SCRIPT>alert(document.URL)</SCRIPT>/
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0 (Build 349) Beta
Comment: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x990EB050

iQA/AwUBPel8bTa4rCCZDrBQEQKTvgCeJ8AR/KR+SW/ODMawKR+RRjbd+iQAoOBE
AZVgc+Om/u+4p3kl4FbpnPcj
=pYYW
-----END PGP SIGNATURE-----
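
The path check whose absence section II describes, together with an up-front bound on URI length (section I), written as an added example that is not part of the original advisory and is not Webster's code. The names percent_decode and resolve_under_root and the kMaxUri limit are assumptions of the example.

```cpp
#include <cctype>
#include <string>
#include <vector>

// Percent-decode once; false on a malformed escape or an encoded NUL.
bool percent_decode(const std::string& in, std::string& out) {
    out.clear();
    for (size_t i = 0; i < in.size(); ++i) {
        if (in[i] != '%') { out += in[i]; continue; }
        if (i + 2 >= in.size() || !std::isxdigit((unsigned char)in[i + 1]) ||
            !std::isxdigit((unsigned char)in[i + 2])) return false;
        int v = std::stoi(in.substr(i + 1, 2), nullptr, 16);
        if (v == 0) return false;
        out += static_cast<char>(v);
        i += 2;
    }
    return true;
}

// Map a request path to a path relative to the document root.
// False if the path is overlong, malformed, or climbs above the root.
// kMaxUri is an assumed limit chosen for this example.
const size_t kMaxUri = 255;
bool resolve_under_root(const std::string& uri_path, std::string& rel) {
    std::string decoded, seg;
    std::vector<std::string> parts;
    if (uri_path.size() > kMaxUri || !percent_decode(uri_path, decoded)) return false;
    auto flush = [&]() -> bool {
        if (seg == "..") {
            if (parts.empty()) return false;       // would leave the root
            parts.pop_back();
        } else if (!seg.empty() && seg != ".") {
            // Windows ignores trailing dots and spaces in a name: refuse them.
            if (seg.back() == '.' || seg.back() == ' ') return false;
            parts.push_back(seg);
        }
        seg.clear();
        return true;
    };
    for (char c : decoded) {
        if (c == ':') return false;                // drive letters, NTFS streams
        if (c != '/' && c != '\\') { seg += c; continue; }
        if (!flush()) return false;                // '/' and '\' both separate
    }
    if (!flush()) return false;
    rel.clear();
    for (const auto& p : parts) rel += (rel.empty() ? "" : "/") + p;
    return true;
}
```

The returned relative path is meant to be appended to a fixed document root only after this check succeeds; decoding happens exactly once, before normalization, so an encoded '..' cannot slip past the comparison.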

