John Franks WN Server Long GET Request Remote Overflow

2002-12-30T09:09:59
ID OSVDB:9836
Type osvdb
Reporter badc0ded (badc0ded@badc0ded.com)
Modified 2002-12-30T09:09:59

Description

Vulnerability Description

A remote overflow exists in John Franks' WN Server. The application fails to perform proper bounds checking, resulting in a buffer overflow. With a specially crafted GET request containing 1,600 or more characters, a remote attacker can cause arbitrary code execution, resulting in a loss of integrity.

Solution Description

Upgrade to version 2.4.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://hopf.math.nwu.edu/
Other Advisory URL: http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0138.html
ISS X-Force ID: 10223
CVE-2002-1166
Bugtraq ID: 5831