WWW-SQL File Include Overflow

2004-06-21T10:35:29
ID OSVDB:7192
Type osvdb
Reporter Ulf Härnhammar(Ulf.Harnhammar.9485@student.uu.se)
Modified 2004-06-21T10:35:29

Description

Vulnerability Description

A local overflow exists in WWW-SQL. The WWW-SQL parser fails to check the length of the file include command resulting in a stack overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known official upgrades to correct this issue. However, Debian has fixed the flaw in their 0.5.7-17 package and Ulf Härnhammar has released a patch to address this vulnerability.

Short Description

A local overflow exists in WWW-SQL. The WWW-SQL parser fails to check the length of the file include command resulting in a stack overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor URL: http://www.jamesh.id.au/software/www-sql/ Secunia Advisory ID:11902 Secunia Advisory ID:11903 Other Solution URL: http://seclists.org/lists/fulldisclosure/2004/Jun/att-0650/www-sql.patch Other Advisory URL: http://www.debian.org/security/2004/dsa-523 Mail List Post: http://seclists.org/lists/fulldisclosure/2004/Jun/0650.html Generic Exploit URL: http://seclists.org/lists/fulldisclosure/2004/Jun/att-0650/test.sql CVE-2004-0455