NetWin Authentication Module -del Command Overflow

2001-07-20T08:24:17
ID OSVDB:5733
Type osvdb
Reporter ByteRage(byterage@yahoo.com)
Modified 2001-07-20T08:24:17

Description

Vulnerability Description

A local overflow exists in NWAuth. The authentication module fails to validate long usernames passed to the "-del" command, resulting in a buffer overflow. With a specially crafted request, an attacker can cause an access violation resulting in a loss of availability.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

A local overflow exists in NWAuth. The authentication module fails to validate long usernames passed to the "-del" command, resulting in a buffer overflow. With a specially crafted request, an attacker can cause an access violation resulting in a loss of availability.

References:

Vendor URL: http://www.netwinsite.com/authent/index.htm Security Tracker: 1002062 Related OSVDB ID: 5559 Related OSVDB ID: 5560 Related OSVDB ID: 5735 Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2001-07/0452.html ISS X-Force ID: 6866 CVE-2001-1354 Bugtraq ID: 3075