OmniHTTPd imagemap.exe Remote Overflow

1999-10-22T00:00:00
ID OSVDB:3380
Type osvdb
Reporter OSVDB
Modified 1999-10-22T00:00:00

Description

Vulnerability Description

OmniHTTPd contains a flaw that allows a remote attacker to execute arbitrary code on a vulnerable server. The issue is due to the "imagemap.exe" program (installed by default) not sanitizing input. By passing overly long arguments to the program, the attacker can overflow a strcpy() call and execute remote code.

Solution Description

Upgrade to version 2.10 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Remove the imagemap.exe program if it is not required.

Short Description

OmniHTTPd contains a flaw that allows a remote attacker to execute arbitrary code on a vulnerable server. The issue is due to the "imagemap.exe" program (installed by default) not sanitizing input. By passing overly long arguments to the program, the attacker can overflow a strcpy() call and execute remote code.

Manual Testing Notes

Test for the presence of /cgi-bin/imagemap.exe

References:

Vendor URL: http://www.omnicron.ca/ Snort Signature ID: 821 Snort Signature ID: 1700 Nessus Plugin ID:10122 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1999-q3/1367.html ISS X-Force ID: 3351 CVE-1999-0951 Bugtraq ID: 739