From: zeno (bugtraq_at_cgisecurity.net)
Date: Tue Sep 10 2002 - 19:38:33 CDT


    This is a known issue. I discovered this in November of 2001.
    I visited the vendor site to see a bug report 5 days before my findings
    were published, so I dropped it but still submitted a bug report on another problem.

    http://sourceforge.net/tracker/index.php?func=detail&aid=496300&group_id=15746&atid=115746
    is the stack overflow posting.

    My posting is below
    http://sourceforge.net/tracker/index.php?func=detail&aid=498980&group_id=15746&atid=115746

    Surprised it's been almost a year and no fixes...

    - zeno@cgisecurity.com

    >
    > -----------------------------------------------------------------------------
    > FS Advisory ID: 091002-SVWS
    >
    > Release Date: September 10, 2002
    >
    > Product: Savant Web Server 3.1 and previous
    >
    > Vendors: Savant (http://savant.sourceforge.net)
    >
    > Type: Buffer Overflow
    >
    > Severity: The ability to gain remote access to the system
    >
    > Authors: Robin Keir (robin.keir@foundstone.com)
    >
    > Platforms: Microsoft Windows Variants
    >
    > CVE Candidate: CAN-2002-1120
    >
    > Foundstone Advisory: http://www.foundstone.com/advisories
    > -----------------------------------------------------------------------------
    >
    > Overview:
    >
    > A buffer overflow exists in versions 3.1 and previous of Savant Web Server.
    > Exploitation of this vulnerability allows remote execution of arbitrary code
    > with daemon privileges.
    >
    > Detailed Description:
    >
    > Sending a GET request containing a URL of approx. 291 characters or more
    > causes Savant Web Server to crash. Exploitation is possible and proof of
    > concept code has been authored to demonstrate this problem.
    >
    > Vendor Response:
    >
    > Savant was contacted on August 16th, 2002 regarding this vulnerability.
    >
    > Solution:
    >
    > Disable the Savant Web Server until a patch is made available by the vendor.
    >
    > FoundScan has been updated to check for this vulnerability. For more
    > information on FoundScan, see the Foundstone website:
    > http://www.foundstone.com
    >
    > Disclaimer:
    >
    > The information contained in this advisory is copyright (c) 2002
    > Foundstone, Inc. and is believed to be accurate at the time of
    > publishing, but no representation of any warranty is given,
    > express, or implied as to its accuracy or completeness. In no
    > event shall the author or Foundstone be liable for any direct,
    > indirect, incidental, special, exemplary or consequential
    > damages resulting from the use or misuse of this information.
    > This advisory may be redistributed, provided that no fee is
    > assigned and that the advisory is not modified in any way.
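As an added defender-side example, not part of zeno's post or the Foundstone advisory: a scan over web request logs that flags GET requests whose URL reaches the roughly 291-character length the advisory reports as crashing Savant, so that attempts can be spotted in traffic captured in front of the server while it is disabled or awaiting a patch. The log lines are constructed for this example and assume Common Log Format as written by a proxy or sensor; the page says nothing about Savant's own log format.

```python
import re
from typing import Iterator, Optional, Tuple

# Threshold taken from the advisory: a URL of approx. 291 characters or more.
URL_LENGTH_THRESHOLD = 291

# Constructed sample lines in Common Log Format (not taken from the advisory);
# the second line carries a 301-character URL, the fourth is deliberately malformed.
SAMPLE_LOG = "\n".join([
    '10.0.0.5 - - [10/Sep/2002:19:38:33 -0500] "GET /index.html HTTP/1.0" 200 1043',
    '10.0.0.9 - - [10/Sep/2002:19:40:01 -0500] "GET /' + "A" * 300 + ' HTTP/1.0" 500 0',
    '10.0.0.7 - - [10/Sep/2002:19:41:12 -0500] "POST /cgi-bin/form HTTP/1.0" 200 12',
    'this line is not a valid log entry',
])

# Request line inside the quotes: method, URL and an optional protocol token.
CLF_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+)(?: (?P<proto>HTTP/\d\.\d))?" '
    r'(?P<status>\d{3}) (?P<size>\S+)$'
)

def parse_clf(line: str) -> Optional[dict]:
    """Return the fields of one CLF line, or None when it does not parse."""
    m = CLF_RE.match(line.strip())
    return m.groupdict() if m else None

def is_oversized_get(entry: dict, threshold: int = URL_LENGTH_THRESHOLD) -> bool:
    """True for a GET whose raw (undecoded) URL is at or above the threshold."""
    return entry["method"] == "GET" and len(entry["url"]) >= threshold

def find_oversized_requests(log_text: str,
                            threshold: int = URL_LENGTH_THRESHOLD
                            ) -> Iterator[Tuple[str, str, int]]:
    """Yield (source, timestamp, url_length) for each request that matches."""
    for line in log_text.splitlines():
        entry = parse_clf(line)
        if entry is None:
            continue  # unparsable lines are skipped rather than alerted on
        if is_oversized_get(entry, threshold):
            yield entry["src"], entry["ts"], len(entry["url"])

if __name__ == "__main__":
    for src, ts, length in find_oversized_requests(SAMPLE_LOG):
        print(f"{ts} {src} GET with {length}-char URL (>= {URL_LENGTH_THRESHOLD})")
```

The check measures the URL as it appears on the wire; the advisory does not say whether Savant decodes percent-escapes before the overflow, so treat the 291 figure as approximate and tune the threshold downward if false negatives matter more than noise.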