International TeleCommunications WebBBS GET Request Overflow

2000-06-19T00:00:00
ID OSVDB:3544
Type osvdb
Reporter OSVDB
Modified 2000-06-19T00:00:00

Description

Vulnerability Description

WebBBS default web server contains a flaw that allows a remote attacker to execute arbitrary code. The issue is due to a lack of bounds checking on input supplied via a GET request. A carefully crafted request can overflow the buffer resulting in arbitrary code execution.

Technical Description

The string has to be a length of 545 + EIP (4 bytes making a total of 549 bytes). This will cause the above application to BufferOverRun over writing EIP.

Solution Description

Upgrade to version 1.17 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

WebBBS default web server contains a flaw that allows a remote attacker to execute arbitrary code. The issue is due to a lack of bounds checking on input supplied via a GET request. A carefully crafted request can overflow the buffer resulting in arbitrary code execution.

References:

Related OSVDB ID: 3545 Mail List Post: http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0278.html ISS X-Force ID: 4742 CVE-2000-0561 Bugtraq ID: 1365