Previous articleBack to news listNext article
|
Sponsored links |
Want to become one of our authors and see your work published on ALLSeek.iNFO ?
|
| Zeroo HTTP Server Buffer Overflow Lets Remote Users Execute Arbitrary Code on the Server |
|---|
Categorie: Vulnerability
Posted: 2002-11-20 by ReCall
Views: 341
Source: Click here
| Current Rating: Not rated
|
|
| Details |
|---|
Description: A buffer overflow vulnerability was reported in the Zeroo HTTP Server. A remote user can execute arbitrary code on the server.
INetCop reported that there are several buffer overflow vulnerabilities. One of the more serious ones is reported to be in the *HttpWrite() function, where user-supplied input is copied into a fixed size buffer without first checking the length of the input to be copied. A remote user can request a specially crafted URL to trigger the overflow and cause arbitrary code to be executed on the system.
Some demonstration exploit code is available in the Source Message.
Impact: A remote user can execute arbitrary code on the server with the privileges of the web daemon.
Solution: No solution was available at the time of this entry. The author has provided an unofficial patch, available in the Source
|
| Syndication |
|---|
Permalink Email this
The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=333
|
| User comments (post your comments ) |
|---|
Only registerd members can post comments and articles
|
|
Previous articleBack to news listNext article
|
