Tornado www-server v1.2: directory traversal, buffer overflow

2003-05-29T00:00:00
ID SECURITYVULNS:DOC:4603
Type securityvulns
Reporter Securityvulns
Modified 2003-05-29T00:00:00

Description


Damage Hacking Group
Security Advisory
http://www.dhgroup.org

Product: Tornado www-server v1.2
Authors: www.softrex.com/tornado/
Vulnerability: multiple bugs

--------------------------------------------------------------

Overview:
~~~~~~~~~

Another HTTP server.

--------------------------------------------------------------

Problem:
~~~~~~~~

This server is one BiG problem. IMHO it is the most dangerous server. The main bug is in its DNA ;D An attacker may read any file on the system (but only if he knows the path and filename), and may crash the server (and execute malicious code) by sending a long HTTP request. Examples:

    www.server.com/../existing_file    <- the file is shown

    www.server.com/aa[more than 471 chars]

--------------------------------------------------------------

Exploit:
~~~~~~~~

Naah, it's not interesting. Let the authors code something better.

--------------------------------------------------------------

:wow: NeKr0 /DHG www.dhgroup.org

Best regards www.dhgroup.org D4rkGr3y icq 540981
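
An added example, not part of the original advisory and not Tornado's code: one way a server could reject both request shapes listed under "Problem" before any filesystem access. `normalize_uri`, `MAX_URI` and the status constants are assumed names, and the 255-byte cap is an arbitrary choice.

```c
#include <stddef.h>
#include <string.h>
#define MAX_URI 255  /* assumed cap; the advisory only says >471 chars crashes */
enum { REQ_OK = 0, REQ_BAD = 400, REQ_FORBIDDEN = 403, REQ_TOO_LONG = 414 };

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                                  /* fold A-F to a-f */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Decode and lexically normalise a request path into out[outlen]. On REQ_OK
 * the result starts with '/' and holds no ".", ".." or backslash segments. */
int normalize_uri(const char *uri, char *out, size_t outlen)
{
    char dec[MAX_URI + 1];
    size_t n = strlen(uri), d = 0, o = 0;
    if (n > MAX_URI || n >= outlen) return REQ_TOO_LONG; /* check before copying */
    if (uri[0] != '/') return REQ_BAD;
    for (size_t i = 0; i < n; i++) {            /* percent-decode exactly once */
        int c = (unsigned char)uri[i];
        if (c == '%') {
            int hi = hexval((unsigned char)uri[i + 1]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)uri[i + 2]);
            if (lo < 0) return REQ_BAD;         /* malformed escape */
            c = hi * 16 + lo; i += 2;
        }
        if (c == 0) return REQ_BAD;             /* embedded NUL */
        dec[d++] = (char)c;
    }
    dec[d] = '\0';
    for (const char *p = dec; *p; ) {
        size_t len = strcspn(p, "/\\");         /* '\\' too: Windows host */
        if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (o == 0) return REQ_FORBIDDEN;   /* would climb above the root */
            while (out[--o] != '/') { }         /* drop the previous segment */
        } else if (len > 0 && !(len == 1 && p[0] == '.')) {
            out[o++] = '/';
            memcpy(out + o, p, len);            /* o + len <= d < outlen */
            o += len;
        }
        p += len;
        if (*p) p++;                            /* step over the separator */
    }
    if (o == 0) out[o++] = '/';
    out[o] = '\0';
    return REQ_OK;
}
```

The check is lexical only; a server would still append the result to its document root and open the file with no further decoding step in between.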
