From: Alfred Goldberg (agoldbergabsoluteitsolutions.com)
Date: Tue Jun 18 2002 - 11:59:54 CDT


    Vulnerability Summary
    ---------------------
    Problem: The 4D 6.7 webserver has a buffer overflow condition.

    Threat: An attacker could make the webserver crash and possibly execute
    arbitrary code.

    Affected Software: 4D Webserver version 6.7.3 verified.

    Platform: Windows verified.

    Solution: Update to the version mentioned below.

    Vulnerability Description
    -------------------------
    4D is unable to handle long HTTP requests. The result is a termination of
    the 4D application as the buffer is overflowed.

    Solution
    --------
    4D 6.8 seems to have addressed this problem.

    Additional Information
    ----------------------
    4D was contacted 20020606 but returned no reply.

    This vulnerability was found and researched by
    Dumitru Vlad
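
The advisory gives no code, so the following is an added illustration, not 4D's code and not part of the original message: a request-line reader that refuses over-long HTTP requests instead of copying them into a fixed buffer. The function name, status codes and the 2048-byte limit are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_REQUEST_LINE 2048 /* assumed limit for this example, not a 4D value */

enum req_status { REQ_OK = 0, REQ_INCOMPLETE = 1, REQ_BAD = 400, REQ_TOO_LONG = 414 };

/* Copy one request line (without CR/LF) from the received bytes `in` into
 * `out`. Never writes more than out_cap bytes; an over-long line is refused
 * instead of being truncated or copied past the end of the buffer. */
enum req_status read_request_line(const char *in, size_t in_len,
                                  char *out, size_t out_cap)
{
    if (in == NULL || out == NULL || out_cap == 0)
        return REQ_BAD;
    out[0] = '\0';

    size_t limit = out_cap - 1;               /* keep room for the NUL */
    if (limit > MAX_REQUEST_LINE)
        limit = MAX_REQUEST_LINE;

    /* Look for LF only inside the window a legal line can occupy:
     * at most `limit` characters plus CR LF. */
    size_t window = in_len < limit + 2 ? in_len : limit + 2;
    const char *lf = memchr(in, '\n', window);
    if (lf == NULL)
        return in_len >= limit + 2 ? REQ_TOO_LONG : REQ_INCOMPLETE;

    size_t line_len = (size_t)(lf - in);
    if (line_len > 0 && in[line_len - 1] == '\r')
        line_len--;
    if (line_len > limit)
        return REQ_TOO_LONG;
    if (line_len == 0 || memchr(in, '\0', line_len) != NULL)
        return REQ_BAD;                       /* empty line or embedded NUL */

    memcpy(out, in, line_len);                /* line_len <= out_cap - 1 */
    out[line_len] = '\0';
    return REQ_OK;
}

int main(void)
{
    char line[64];
    const char *sample = "GET /index.html HTTP/1.0\r\n"; /* constructed input */
    enum req_status st = read_request_line(sample, strlen(sample), line, sizeof line);
    printf("%d %s\n", (int)st, line);
    return 0;
}
```

A server using a check like this would answer REQ_TOO_LONG with a 414 response and close the connection rather than continue parsing.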