Previous articleBack to news listNext article
|
Sponsored links |
Want to become one of our authors and see your work published on ALLSeek.iNFO ?
|
| MyServer 'cgi-lib.dll' Buffer Overflow Permits Remote Code Execution |
|---|
Categorie: Vulnerability
Posted: 2003-09-15 by ReCall
Views: 399
Source: Click here
| Current Rating: Not rated
|
|
| Details |
|---|
Description: A buffer overflow vulnerability was reported in MyServer. A remote user can execute arbitrary code with the privileges of the target MyServer process.
Moozatech reported that the 'cgi-lib.dll' MSCGI library does not properly process long URL variables. A remote user can reportedly submit a specially crafted HTTP request to trigger a buffer overflow and execute arbitrary code.
A demonstration exploit request is provided:
GET /cgi-bin/math_sum.mscgi?a=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.1
Impact: A remote user can execute arbitrary code with the privileges of the MyServer process.
Solution: The vendor has released a fix, available via CVS at:
http://myserverweb.sourceforge.net/cvs.php
A patch is reportedly planned for the next release of the software.
|
| Syndication |
|---|
Permalink Email this
The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=432
|
| User comments (post your comments ) |
|---|
Only registerd members can post comments and articles
|
|
Previous articleBack to news listNext article
|
