International TeleCommunications WebBBS File Name Overflow

2000-06-19T00:00:00
ID OSVDB:3545
Type osvdb
Reporter OSVDB
Modified 2000-06-19T00:00:00

Description

Vulnerability Description

WebBBS default web server contains a flaw that allows a remote attacker to execute arbitrary code. The issue is due to a lack of bounds checking on input supplied via requesting a file name. A carefully crafted request can overflow the buffer resulting in arbitrary code execution.

Technical Description

The string has to be a length of 227 + EIP (4 bytes making a total of 231 bytes). This will cause the above application to BufferOverRun over writing EIP.

Solution Description

Upgrade to version 1.17 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

WebBBS default web server contains a flaw that allows a remote attacker to execute arbitrary code. The issue is due to a lack of bounds checking on input supplied via requesting a file name. A carefully crafted request can overflow the buffer resulting in arbitrary code execution.

References:

Related OSVDB ID: 3544 Mail List Post: http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0278.html