RaidenHTTPD Long URI Remote Overflow

2005-03-02T05:25:28
ID OSVDB:14304
Type osvdb
Reporter Tan Chew Keong (vuln@secunia.com)
Modified 2005-03-02T05:25:28

Description

Vulnerability Description

A remote overflow exists in RaidenHTTPD. RaidenHTTPD fails to check the URI length, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary commands, resulting in a loss of confidentiality.

Solution Description

Upgrade to version 1.1.34 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.raidenhttpd.com/
Security Tracker: 1013334
Secunia Advisory ID: 14453
Related OSVDB ID: 14303
Other Advisory URL: http://www.security.org.sg/vuln/raidenhttpd1132.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-03/0005.html
CVE-2005-0623