OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Kistler Ueli (iukgmx.ch)
Date: Sat Jun 08 2002 - 13:27:59 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Affected: Seanox DevWex 1.2002.0520 Windows binary
    Vulnerability: DoS and directory traversal using Win32 path delimiter
    Risk: High (Code execution?)-Medium(DoS and directory traversal)
    Vendor contacted: 26-5-2002
    Vendor fix: http://www.seanox.de/projects.devwex.php4

    DevWex is a small and flexible Webserver running as standalone win32
    binary and as JAVA application.

    Buffer-overflow problem:
    It exists a buffer-overflow problem in the procedure handling a GET
    command. Sending at least 258383 caracters with a GET command will crash
    the server and make it inaccessible.
    This could perhaps allow an attacker to execute shellcode.
    Example: GET 258383xA+CRLF+CRLF

    Directory traversal:
    An attacker can request an URL containing Windows path delimiters to
    break out of the
    document root of DevWex. This allows an attacker to download sensitive data.
    Example: GET /..\..\..\..\anyfile

    Fix: Seanox has released a new version (1.2002.0601)

    Regards,
     Ueli Kistler
     eclipsepackx.net / iukgmx.ch
     www.packx.net / www.eclipse.fr.fm

    Greetz to PackX Team

    --