ADA.image.txt

14 Apr 2004 | Reported by Dr. Insane | Type: packetstorm | Source: packetstormsecurity.com

High severity vulnerabilities in ADA Image Server 0.4 allow remote code execution and crashes.

Code
`hello,  
  
Advisory for ADA Image Server (ImgSvr) 0.4.  
  
  
ADA Image Server (ImgSvr) 0.4 Multiple vulnerabilities  
  
  
Release Date:  
April 3, 2004  
  
Severity:  
High (Remote Code Execution)  
  
Vendor:  
sourceforge.net/projects/adaimgsvr/   
  
  
Services Affected:  
http service (1234)  
  
  
Description of the product:  
ADA Image Server is an embedded web server that is specialized in photo album publishing.  
This image server provides HTTP access to image content. It generates dynamic pages from  
a standard directory-based hierarchy and manages thumbnails and metadata.  
  
  
Vulnerabilities:  
1)Buffer overflow in Get / request  
2)Directory Traversal vulnerabilities  
3)List directories outside WWW root  
4)DoS attack  
  
Technical Description:  
Some days ago I discovered some critical vulnerabilities in ADA Image Server (ImgSvr) 0.4 that  
may allow an unauthorized user to execute arbitrary code and read sensitive files on the system.  
  
1. Buffer overflow in Get / request  
  
There is a buffer overflow in ADA Image Server when you send a GET request followed by 2.112 characters.  
A cracker may exploit this vulnerability to make your web server crash continually or even execute  
arbitrary code on your system.  
  
Get /[2.112 chars] http/1.0  
  
  
2. Directory Traversal vulnerabilities  
  
The problem happens when the attacker uses the pattern "%2f%2e%2e%2f" that deceives the checks and allows him to see  
and download any file in the remote system knowing the path.  
  
http://[host]:1234/%2f%2e%2e%2f%2f%2e%2e%2f%2f%2e%2e%2f%2f%2e%2e%2f%2f%2e%2e%2fboot.ini  
  
  
3. There is a third problem that allows a remote user to list any directory outside WWW home.  
  
eg. http://[host]:1234/%2f%2e%2e%2f%2f%2e%2e%2f/  
  
  
4. Some days ago another bug had been published that allowed a remote user to view the content of www directory  
by supplying a "%00". Using this bug we can crash the server remotely by typing this:  
  
http://127.0.0.1:1234/%00/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe  
/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe  
/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/  
  
  
  
Workaround:  
Use another product.  
  
Pr00f of concept code:  
sorry, nothing at the moment but some pr00f of concept exploit may emerge soon.  
  
  
  
Credit:  
Dr_insane  
Http://members.lycos.co.uk/r34ct/  
  
  
Feedback  
Please send your comments to: [email protected]  
  
  
  
  
  
  
`
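
Item 2 of the advisory describes a traversal check that is deceived by the percent-encoded form of `/../`. As an added example (not code from the advisory or from the ImgSvr project), this Python validator decodes the request target first and only then rejects parent-directory segments, NUL bytes and overlong targets; the function names and the 1024-character limit are assumptions.

```python
from urllib.parse import unquote

MAX_TARGET_LEN = 1024  # assumed limit; the advisory does not name a safe size


def naive_is_safe(raw_target: str) -> bool:
    """Flawed check: looks for '..' in the still-encoded request target."""
    return ".." not in raw_target


def safe_relative_path(raw_target: str, max_len: int = MAX_TARGET_LEN) -> str:
    """Return a path relative to the web root, or raise ValueError."""
    if len(raw_target) > max_len:
        raise ValueError("target too long")
    decoded = unquote(raw_target.split("?", 1)[0])  # decode once, then check
    if "\x00" in decoded:
        raise ValueError("NUL byte")
    segments = []
    for seg in decoded.replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue  # collapse empty and current-directory segments
        if seg == "..":
            raise ValueError("parent-directory segment")
        segments.append(seg)
    return "/".join(segments)


def verdict(raw_target: str) -> str:
    """Summarise the outcome for one request target."""
    try:
        return "ok: " + safe_relative_path(raw_target)
    except ValueError as exc:
        return "rejected: " + str(exc)


# Constructed sample targets modelled on the patterns in the advisory.
SAMPLES = [
    "/albums/2004/photo.jpg",
    "/%2f%2e%2e%2f%2f%2e%2e%2fboot.ini",
    "/%00/imgsvr.exe/imgsvr.exe",
    "/" + "A" * 4096,
]

if __name__ == "__main__":
    for target in SAMPLES:
        print(naive_is_safe(target), verdict(target)[:60])
```

The encoded traversal sample passes `naive_is_safe` but is rejected by `safe_relative_path`, which is the gap between checking before and after decoding.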
