[Full-Disclosure] Essentia Web Server 2.12 (Linux)
From: B-r00t (br00t_at_blueyonder.co.uk)
Date: 07/04/03
- Previous message: Nick FitzGerald: "Re: [Full-Disclosure] Microsoft Cries Wolf ( again )"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: full-disclosure@lists.netsys.com Date: Fri, 4 Jul 2003 12:33:54 +0000 (GMT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Title: Buffer Overflow in Linux Essentia Webserver.
Author: By B-r00t <br00t@blueyonder.co.uk
Date: 04/07/2003
Reference: http://www.essencomp.com/
Versions: Essentia Web Server 2.12 (Linux) => VULNERABLE
Related Info: http://www.securityfocus.com/bid/4159/info/
Exploit: [attached] essenexploit.c
The same buffer overflow condition discovered in the Essentia webserver
for Windows (http://www.securityfocus.com/bid/4159/info/) has been found
to affect Essentia Web Server for Linux.
Due to the service running as root (to bind to port 80), remote exploitation
results in an attacker gaining system administration 'root' access.
POC code essenexploit.c is attached.
- --
B#.
- ----------------------------------------------------
Email : B-r00t <br00t@blueyonder.co.uk>
Key fingerprint = 74F0 6A06 3E57 083A 4C9B
ED33 AD56 9E97 7101 5462
"You Would Be Paranoid If They Were Watching You !!!"
- -----------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (OpenBSD)
iD8DBQE/BXQ6rVael3EBVGIRAlvFAJ9tKqcTEjTNu4Kw/TJ4NWEUNFOqVwCghbMz
ZH/9EQhjoBwE1Fk/Frp1Y64=
=8wz0
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- TEXT/PLAIN attachment: essenexploit.c
- Previous message: Nick FitzGerald: "Re: [Full-Disclosure] Microsoft Cries Wolf ( again )"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
