[VulnWatch] Remote Buffer Overrun WebAdmin.exe

From: Mark Litchfield (mark_at_ngssoftware.com)
Date: 06/25/03

  • Next message: SGI Security Coordinator: "[VulnWatch] Multiple IPv6-Induced Bugs & Vulnerabilities on IRIX"
    To: <bugtraq@securityfocus.com>, <vulnwatch@vulnwatch.org>, <vulndb@securityfocus.com>
    Date: Tue, 24 Jun 2003 15:22:21 -0700

    NGSSoftware Insight Security Research Advisory

    Name: Remote System Buffer Overrun WebAdmin.exe
    Systems Affected: Windows
    Severity: High Risk
    Category: Buffer Overrun
    Vendor URL: http://www.altn.com/
    Author: Mark Litchfield (mark@ngssoftware.com)
    Date: 24th June 2003
    Advisory number: #NISR2406-03


    WebAdmin allows administrators to securely manage MDaemon, RelayFax, and
    WorldClient from anywhere in the world


    There is a remotely exploitable buffer overrun in the USER parameter.

    By default the webadmin.exe process is started as a system service. Any
    code being passed to the server by an attacker as a result of this buffer
    overrun would therefore (based on a default install) execute with system

    POST /WebAdmin.dll?View=Logon HTTP/1.1
    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
    application/x-shockwave-flash, */*
    Referer: http://ngssoftware.com:1000/
    Accept-Language: en-us
    Content-Type: application/x-www-form-urlencoded
    Accept-Encoding: gzip, deflate
    User-Agent: MyUser Agent
    Host: NGSSoftware.com
    Content-Length: 74
    Connection: Keep-Alive
    Cache-Control: no-cache
    Cookie: User=NGSSOFTWARE; Lang=en; Theme=Standard


    Fix Information

    NGSSoftware alerted ALTN to theses issues on the 19th of June 2003.
    A patch has now been made available from

    A check for these issues has been added to Typhon III, of which more
    information is available from the
    NGSSoftware website, http://www.ngssoftware.com

    Further Information

    For further information about the scope and effects of buffer overflows,
    please see


  • Next message: SGI Security Coordinator: "[VulnWatch] Multiple IPv6-Induced Bugs & Vulnerabilities on IRIX"