lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <64fcd9051001270510k7dc9ec1bo350235cb0409c2ba@mail.gmail.com>
Date: Wed, 27 Jan 2010 08:10:37 -0500
From: Jeff Williams <jeffwillis30@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: [RT-SA-2010-001] Geo++(R) GNCASTER: Insecure
	handling of long URLs

> RedTeam Pentesting believes it is
> also possible to exploit this vulnerability to execute code on the
> server.
>
> Cant you open a debugger ?





>
> Proof of Concept
> ================
>
> The following command can be used to crash the server if it is called
> multiple times:
>
> $ curl -i "http://gncaster.example.com:1234/`perl<http://gncaster.example.com:1234/%60perl>-e 'printf "A"x988'`"
>
>
>
Jeremy's back yo !



>
> Workaround
> ==========
>
> A vulnerable server could be protected from this vulnerability by an
> application layer firewall that filters overly long HTTP GET requests.
>
>
> Fix
> ===
>
> Update GNCASTER to version 1.4.0.8.
>
>
> Security Risk
> =============
>
> This vulnerability can be used for very efficient DoS attacks. This is
> especially serious as GNCaster is a real time application that is
> typically used by multiple mobile clients that rely on a functioning
> server. The vulnerability could potentially also be leveraged to remote
> code execution on the server. The risk is therefore regarded as high.
>
>
> History
> =======
>
> 2009-07-06 Vulnerability identified during a penetration test
> 2009-07-14 Meeting with customer
>
// 8 days later, wtf ?!?

> 2009-12-01 Vendor releases fixed version
> 2010-01-27 Advisory released
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ