Immunity Canvas: IPLANET_CHUNKED

2002-08-12T00:00:00
ID IPLANET_CHUNKED
Type canvas
Reporter Immunity Canvas
Modified 2002-08-12T00:00:00

Description

Name| iplanet_chunked
---|---
CVE| CVE-2002-0845
Exploit Pack| CANVAS
Description| iPlanet Chunked Encoding
Notes| References: http://www.sun.com/service/sunone/software/alerts/transferencodingalert-23july2002.html http://www.eeye.com/html/Research/Advisories/AD20020808a.html
CVE Name: CVE-2002-0845
VENDOR: Sun and Netscape
Usage Notes: Requires a POSTable URL; any URL that accepts POST requests will do. The exploit will tell you if the URL you gave it is not POSTable. This exploit contains old findsck shellcode and will not work from behind a NAT.
Development Notes: Exploit tested against iPlanet version 4.1 SP7, SP3, and SP9 on Solaris 9, 8 and 7 (sun4u)
Install media: enterprise-4.1SP9-domestic-us.sparc-sun-solaris2.6.tar.gz
Solaris 8 media Bonus Software CD: iPlanet Advantage Software volume 2:
bash-2.03# strings /usr/netscape/server4/bin/https/bin/ns-httpd | grep iPlanet-WebServer-Enterprise
iPlanet-WebServer-Enterprise/4.1SP7
Post-Exploitation: WARNING: The iPlanet web server will not serve web pages until you exit the shell listener.
Date public: 08/08/2002
CERT Advisory: http://www.kb.cert.org/vuls/id/516648
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0845
CVSS: 7.5