JanaServer HTTP GET Version Overflow

2003-07-27T22:47:13
ID OSVDB:2103
Type osvdb
Reporter OSVDB
Modified 2003-07-27T22:47:13

Description

Vulnerability Description

Jana Server contains a buffer overflow in the HTTP server. If an extremely long HTTP request is received, the server will crash when attempting to log the request.

Technical Description

Sending an invalid GET request with an extremely long HTTP version field could crash Jana Server or allow an attacker to run arbitrary code on the system.

Attack Example:

GET /jana_server_are_you_there? HTTP/[Really long version that contains exploitable code].0\r\n\r\n

Solution Description

There have been no official patches released to correct this issue. As a workaround, administrators may wish to disable HTTP logging. This may, however, allow other attacks or errors to go undetected.
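The class of fix for this kind of bug, as an added example that is not Jana Server's code or part of the original advisory: validate the version token against the fixed `HTTP/d.d` form and format the log entry with a bounded write. The function names, the 128-byte log buffer and the sample request lines are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define LOG_LINE_MAX 128 /* assumed log buffer size, not Jana Server's */

/* Returns 1 if the last token of the request line is exactly "HTTP/d.d"
 * (the 8-character form in the RFC 7230 grammar), 0 otherwise. */
int http_version_ok(const char *line)
{
    const char *sp = strrchr(line, ' ');
    if (sp == NULL)
        return 0;
    const char *v = sp + 1;
    size_t n = strcspn(v, "\r\n"); /* token length without line ending */
    return n == 8 && strncmp(v, "HTTP/", 5) == 0 &&
           isdigit((unsigned char)v[5]) && v[6] == '.' &&
           isdigit((unsigned char)v[7]);
}

/* Bounded log formatting. snprintf never writes more than cap bytes and
 * returns the length it needed, so truncation is detectable.
 * Returns 1 if the entry was truncated, 0 if it fit, -1 on error. */
int format_log_entry(char *out, size_t cap, const char *client,
                     const char *line)
{
    size_t n = strcspn(line, "\r\n");
    if (n > cap)
        n = cap; /* anything longer is cut off anyway; keeps the cast safe */
    int want = snprintf(out, cap, "%s \"%.*s\"", client, (int)n, line);
    if (want < 0)
        return -1;
    return (size_t)want >= cap;
}

int main(void)
{
    /* Constructed sample request lines. */
    const char *samples[] = { "GET /index.html HTTP/1.0\r\n",
                              "GET /index.html HTTP/AAAAAAAAAAAAAAAA.0\r\n" };
    char log[LOG_LINE_MAX];
    for (size_t i = 0; i < 2; i++) {
        int ok = http_version_ok(samples[i]);
        format_log_entry(log, sizeof log, "192.0.2.1", samples[i]);
        printf("%s -> %s\n", log, ok ? "accept" : "reject (400)");
    }
    return 0;
}
```

A rejected request is still logged, but only through the bounded formatter, so the oversized field is truncated rather than copied whole.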

Short Description

Jana Server contains a buffer overflow in the HTTP server. If an extremely long HTTP request is received, the server will crash when attempting to log the request.

Manual Testing Notes

Telnet to the target IP on port 80. Run GET /HTTP/"long string data".0\r\n\r\n and check whether the service on port 80 crashes. If so, the system may be vulnerable.

References:

Nessus Plugin ID: 11061
Nessus Plugin ID: 11065
Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=102769692619927&w=2
ISS X-Force ID: 9682
CVE-2002-1061
Bugtraq ID: 5319