TelCondex SimpleWebserver Buffer Overflow

2003-10-30T00:00:00
ID SECURITYVULNS:DOC:5321
Type securityvulns
Reporter Securityvulns
Modified 2003-10-30T00:00:00

Description

TelCondex SimpleWebserver Buffer Overflow

The TelCondex SimpleWebserver 2.12.30210 Build 3285 is vulnerable to a remote executable buffer overflow, due to missing length check on the referer-variable of the HTTP-header.

It is possible to overwrite the stack, and therefore to execute arbitrary code on the system.

The vuln can be tested with netcat or telnet:

netcat webserver 80

GET /index.htm HTTP/1.0\r\n Referer: 700 x [A]\r\n\r\n

The Webserver crashes at >= 700 bytes. A buffer of 704 bytes will overwrite the return address on the stack.

The vendor was informed about the vuln on Mon. 27.10.03, and respondet on Tue. 28.10.03 with a fixed version!

The new (fixed) version (2.13) is available at:

http://www.yourinfosystem.de/download/TcSimpleWebServer2000Setup.exe

Regards,

Oliver Karow

email: oliver.karow_AT_gmx.de web: www.oliverkarow.de

-- NEU FÜR ALLE - GMX MediaCenter - für Fotos, Musik, Dateien... Fotoalbum, File Sharing, MMS, Multimedia-Gruß, GMX FotoService

Jetzt kostenlos anmelden unter http://www.gmx.net

+++ GMX - die erste Adresse für Mail, Message, More! +++