[NT] PlanetWeb Web Server Buffer Overflow in Processing GET Requests

From: support@securiteam.com
Date: 11/21/02

Next message: support@securiteam.com: "[UNIX] XSS Vulnerability Found in phpBB (Highlight)"

Previous message: support@securiteam.com: "[NEWS] Remote Buffer Overflow Vulnerability in Zeroo HTTP Server"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: support@securiteam.com
To: list@securiteam.com
Date: 21 Nov 2002 11:50:43 +0200

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

Beyond Security would like to welcome Tiscali World Online
to our service provider team.
For more info on their service offering IP-Secure,
please visit http://www.worldonline.co.za/services/work_ip.asp
- - - - - - - - -

PlanetWeb Web Server Buffer Overflow in Processing GET Requests
------------------------------------------------------------------------

SUMMARY

A vulnerability in PlanetWeb's Web Server allows remote attackers to cause
it to execute arbitrary code.

DETAILS

Vulnerable systems:
* PlanetWeb version 1.14

Immune systems:
* PlanetWeb version 1.15

Vendor response:
For existing users of PlanetWeb version 1.14, a one-click downloadable
patch is available from one of the following download sites. This patch
corrects the buffer overflow vulnerability and also includes additional
features including integrated support for virtual domain hosting.

Please note that this patch will only correctly install on the computer
that has the PlanetWeb software installed.

<http://www.planetdns.net/plugins/mshweb.msh>
http://www.planetdns.net/plugins/mshweb.msh
Or
<ftp://ftp.planetdns.net/software/windows/plugins/mshweb.msh>
ftp://ftp.planetdns.net/software/windows/plugins/mshweb.msh

PlanetWeb version 1.14 customers are encouraged to upgrade to PlanetWeb
version 1.15 (or later). You must first uninstall the existing version
before downloading the upgrade from one of the following download sites:
<http://www.planetdns.net/client/pdnsweb32v115.exe>
http://www.planetdns.net/client/pdnsweb32v115.exe
Or
<ftp://ftp.planetdns.net/software/windows/9x/pdnsweb32v115.exe>
ftp://ftp.planetdns.net/software/windows/9x/pdnsweb32v115.exe

For any questions or concerns, please contact our technical support help
desk at: +1 519 336-4837 option 33, or by e-mail at support@planetdns.net

ADDITIONAL INFORMATION

The information has been provided by <mailto:support@planetdns.net>
PlanetDNS Support.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Next message: support@securiteam.com: "[UNIX] XSS Vulnerability Found in phpBB (Highlight)"
Previous message: support@securiteam.com: "[NEWS] Remote Buffer Overflow Vulnerability in Zeroo HTTP Server"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]