|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Buffer overflow in AspUpload 1.4
Arne Vidstrom (winnt
BAHNHOF.SE)
Tue, 20 Jul 1999 19:25:47 +0200
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: Bill Stout: "Re: WTS security tightening paper?"
- Previous message: Dave Cottle: "MacFile & profiles"
I've found what seems to be a buffer overflow in AspUpload 1.4 from Persits
Software. I've only tried it on NT 4.0 Server with IIS 3.0. It's not
unlikely that it also works on previous versions of AspUpload, but I
haven't verified that. When I enter about 3800 characters or more in the
filename box in my browser and click on the send button, AspUpload kills
the inetinfo process on the server (that is, kills IIS). If you use
AspUpload, I think it would be a good idea to ask them about a patched
version, at least if you run it on IIS 3.0. Perhaps it already exists by
now in some form... The problem seems to be in the AspUpload.dll, and the
version I tried this with had Product Version "1, 4, 0, 0". There could
exist later versions with this problem too, however. By the way, can
anybody reproduce this with AspUpload on IIS 4.0? (I don't have enough
machines right now to install IIS 4.0 too...)
/Arne Vidstrom
- Next message: Bill Stout: "Re: WTS security tightening paper?"
- Previous message: Dave Cottle: "MacFile & profiles"
This archive was generated by hypermail 2.0b3 on Tue Jul 20 1999 - 17:15:21 CDT