Moozatech: MyServer Buffer Overflow vulnerability

2003-09-13T00:00:00
ID SECURITYVULNS:DOC:5108
Type securityvulns
Reporter Securityvulns
Modified 2003-09-13T00:00:00

Description

12/09/03

Moozatech Advisory http://www.moozatech.com/mt-12-09-2003.txt


Application: MyServer Web Server Web Site: http://myserverweb.sf.net Versions: 0.4.3 Platform: Windows98,Windows2000,Linux Bug: Buffer Overflow. Risk: Remote DOS and unauthorized remote access. Severity: High Fix Available: Yes


1) Introduction 2) Bug 3) The Code 4) Fix 5) About Moozatech

=============== 1) Introduction ===============

MyServer is a free, powerful web server program designed to be easily run on a personal Computer by the average computer user. It is a multithread application and supports HTTP, CGI, ISAPI, WinCGI and FastCGI protocols.

====== 2) Bug ======

a buffer overflow might allow Remote attacker to invoke malicious code by submitting a request containing excessive data. That will cause a buffer overflow and might allow to run code of choice Under the web server privileges. The problem is in the MSCGI library (cgi-lib.dll) that doesn’t handle correctly long String values for the URI variables.

==================== 3) Proof of concept. ====================

nc.exe -v www.victim.com < request.txt

-- The script is attached. This will crash the program with a memory overflow.

====== 4) Fix ======

The author has confirmed this bug and temporary fix is available through MyServer cvs repository at: http://myserverweb.sourceforge.net/cvs.php Complete patch will be available in the next upcoming release of myserver.

================== 5) About Moozatech ==================

Moozatech IT Systems Ltd. (“Moozatech”) is a leading information security consulting and project management firm focused on developing "Secure IT Solutions" which best suit the client's operational needs. Moozatech devotes time to make a secure computing environment for customers.