[VulnWatch] Foundstone Labs Advisory - Buffer Overflow in Savant Web Server

From: Foundstone Labs (labs@foundstone.com)
Date: 09/11/02


Date: Tue, 10 Sep 2002 15:39:02 -0700
From: "Foundstone Labs" <labs@foundstone.com>
To: "announce" <announce@foundstone.com>


-----------------------------------------------------------------------------
FS Advisory ID: 091002-SVWS

Release Date: September 10, 2002

Product: Savant Web Server 3.1 and previous

Vendors: Savant (http://savant.sourceforge.net)
                         
Type: Buffer Overflow

Severity: The ability to gain remote access to the system

Authors: Robin Keir (robin.keir@foundstone.com)

Platforms: Microsoft Windows Variants

CVE Candidate: CAN-2002-1120

Foundstone Advisory: http://www.foundstone.com/advisories
-----------------------------------------------------------------------------

Overview:

A buffer overflow exists in versions 3.1 and previous of Savant Web Server.
Exploitation of this vulnerability allows remote execution of arbitrary code
with daemon privileges.

Detailed Description:

Sending a GET request containing a URL of approx. 291 characters or more
causes Savant Web Server to crash. Exploitation is possible and proof of
concept code has been authored to demonstrate this problem.

Vendor Response:

Savant was contacted on August 16th, 2002 regarding this vulnerability.

Solution:

Disable the Savant Web Server until a patch is made available by the
vendor.

FoundScan has been updated to check for this vulnerability. For more
information on FoundScan, see the Foundstone website:
http://www.foundstone.com

Disclaimer:

The information contained in this advisory is copyright (c) 2002
Foundstone, Inc. and is believed to be accurate at the time of
publishing, but no representation of any warranty is given,
express, or implied as to its accuracy or completeness. In no
event shall the author or Foundstone be liable for any direct,
indirect, incidental, special, exemplary or consequential
damages resulting from the use or misuse of this information.
This advisory may be redistributed, provided that no fee is
assigned and that the advisory is not modified in any way.
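
A defensive check based on the Detailed Description above, added here as an example and not part of the Foundstone advisory: it flags GET requests in access logs whose URL reaches the roughly 291-character length the advisory reports. The Common Log Format input, the 16-character margin and all function names are assumptions.

```python
import re

CRASH_LEN = 291   # from the advisory: "approx. 291 characters or more"
MARGIN = 16       # assumption: also report URLs just under that figure

# Assumed input: Common Log Format lines from a proxy or sensor in front of
# the server (the advisory does not describe Savant's own logging).
LINE_RE = re.compile(r'^(\S+) .*?"GET (.*?)(?: HTTP/\d\.\d)?" (\d{3}|-) ')

def classify(line):
    """Return (client, url_length, verdict) for a suspicious GET, else None."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    client, target, _status = m.groups()
    # Measure the raw request target; percent-escapes are not decoded because
    # the advisory's figure refers to the URL as sent.
    n = len(target)
    if n >= CRASH_LEN:
        return client, n, "overlong"
    if n >= CRASH_LEN - MARGIN:
        return client, n, "near-threshold"
    return None

def scan(lines):
    """Collect findings for every line that classify() flags."""
    return [hit for hit in map(classify, lines) if hit is not None]

def _log(client, target, version=" HTTP/1.0", status="200"):
    # Build one constructed log line for the sample below.
    return f'{client} - - [10/Sep/2002:15:39:02 -0700] "GET {target}{version}" {status} 0'

# Constructed sample input, not captured traffic.
SAMPLE = [
    _log("192.0.2.10", "/index.html"),
    _log("192.0.2.44", "/" + "x" * 279),                # 280 chars
    _log("192.0.2.66", "/" + "x" * 299, status="-"),    # 300 chars, no reply
    _log("192.0.2.66", "/" + "x" * 511, version=""),    # no HTTP version
    '192.0.2.10 - - [10/Sep/2002:15:40:00 -0700] "POST /form HTTP/1.0" 200 12',
]

if __name__ == "__main__":
    for client, n, verdict in scan(SAMPLE):
        print(f"{client}\turl_len={n}\t{verdict}")
```

Because the advisory reports that the server crashes on such a request, a flagged line with no status code, followed by a gap in served requests, is worth correlating with service restarts.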


