Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Buffer Overflow in Netware Web Server PERL Handler
From: Uffe Nielsen (uniprotego.dk)
Date: Wed Jul 23 2003 - 09:17:46 CDT
Topic: Buffer Overflow in Netware Web Server PERL Handler
Platform : Netware 5.1 SP6, Netware 6 under certain conditions.
Application : NetWare Enterprise Web Server
Advisory URL: http://www.protego.dk/advisories/200301.html
Identifiers: CERT: VU# 185593, CVE: CAN-2003-0562
Vendor Name: Novell, Inc.
Vendor URL: http://www.novell.com
Vendor contacted: 10-Feb-2003
Public release: 23-Jul-2003
The Netware Enterprise Server does not perform proper bounds check on
requests passed to the perl interpreter through the perl virtual
directory. This results in a buffer overflow condition, when large
requests are sent to the perl interpreter.
The issue can be triggered by requesting the perl virtual directory
followed by a long string.
http://server/perl/aaaaaa...[Unspecified number of characters]
The vulnerability occurs in the CGI2PERL.NLM module.
A request like the above will overrun the allocated buffer and overwrite
EIP, causing the server to ABEND and either suspend the process or
restart itself, thereby creating a Denial of Service situation.
Novell has made a patch for this issue:
The information within this document may change without notice. Use of
this information constitutes acceptance for use in an "AS IS" condition.
There are NO warranties with regard to this information. In no event
shall PROTEGO be liable for any consequences or damages, including
direct, indirect, incidental, consequential, loss of business profits or
special damages, arising out of or in connection with the use or spread
of this information. Any use of this information lies within the user's
responsibility. All registered and unregistered trademarks represented
in this document are the sole property of their respective owners.