[UNIX] Buffer Overflow in Whois Client
From: SecuriTeam (support_at_securiteam.com)
Date: 08/24/03
- Previous message: SecuriTeam: "[NEWS] Cross Site Scripting Vulnerability Found in Yahoo WebSite"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 24 Aug 2003 16:35:19 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Buffer Overflow in Whois Client
------------------------------------------------------------------------
SUMMARY
Whois client is "a client to query the Whois servers, collecting data
about internet domains". Zone-h Security Team has discovered a buffer
overflow vulnerability in Whois client (all versions).
DETAILS
By default, the Whois client is not setuid, therefore the bug is not
exploitable locally. However, there are many CGI scripts, written in
PHP/Perl, that use the Whois client. Therefore, it is possible to gain
remote access to the server with web server privileges.
To test the buffer overflow:
astharot@astharot astharot $ whois -g `perl -e "print 'a'x2000"`
Solution:
There is a simple workaround. In the file whois.c find the line
sprintf(p--, "-%c %s ", ch, optarg);
And replace it with
snprintf(p--, sizeof(fstring), "-%c %s ", ch, optarg);
ADDITIONAL INFORMATION
The information has been provided by <mailto:gentiliem@tiscali.it>
Ox6D6362@zone-h.org.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: SecuriTeam: "[NEWS] Cross Site Scripting Vulnerability Found in Yahoo WebSite"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- [NT] SMSGate Denial of Service
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... A vulnerability in the
way SMSGate handles incoming HTTP ... When a too big HTTP Content-Length value is received,
the server tries to ... (Securiteam) - [NEWS] SCI Photo Chat Server Cross Site Scripting
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... chat server that
supports multimedia pictures, sounds, or even videos. ... (Securiteam) - [UNIX] PrimeBase SQL Database Server Clear Text Password Storage
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... The PrimeBase SQL Database
Server stores ... Administrator password during installation. ... (Securiteam) - [NT] Directory Traversal Exploit in SD Server
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... SD Server is very
easy to install, ... In no event shall we be liable for any damages whatsoever including
direct, indirect, incidental, consequential, loss of business profits or special damages. ...
(Securiteam) - [UNIX] Opt-X File Inclusion Vulnerability
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... malicious script that is
hosted on an attacker-controlled server. ... There's a file inclusion vulnerability
in the /includes/header.php file, ... (Securiteam)
