[Full-Disclosure] Essentia Web Server 2.12 (Linux)
From: B-r00t (br00t blueyonder.co.uk)
Date: Fri Jul 04 2003 - 07:33:54 CDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Title: Buffer Overflow in Linux Essentia Webserver.
Author: By B-r00t <br00t blueyonder.co.uk>
Date: 04/07/2003
Reference: http://www.essencomp.com/
Versions: Essentia Web Server 2.12 (Linux) => VULNERABLE
Related Info: http://www.securityfocus.com/bid/4159/info/
Exploit: [attached] essenexploit.c
The same buffer overflow condition discovered in the Essentia webserver
for Windows (http://www.securityfocus.com/bid/4159/info/) has been found
to affect Essentia Web Server for Linux.
Due to the service running as root (to bind to port 80), remote exploitation
results in an attacker gaining system administration 'root' access.
POC code essenexploit.c is attached.
- --
B#.
- ----------------------------------------------------
Email : B-r00t <br00t blueyonder.co.uk>
Key fingerprint = 74F0 6A06 3E57 083A 4C9B ED33 AD56 9E97 7101 5462
"You Would Be Paranoid If They Were Watching You !!!"
- -----------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (OpenBSD)
iD8DBQE/BXQ6rVael3EBVGIRAlvFAJ9tKqcTEjTNu4Kw/TJ4NWEUNFOqVwCghbMz
ZH/9EQhjoBwE1Fk/Frp1Y64=
=8wz0
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- TEXT/PLAIN attachment: essenexploit.c