[VulnWatch] [SCAN Associates Sdn Bhd Security Advisory] Foxweb 2.5 bufferoverflow in CGI and ISAPI extension

From: pokleyzz (pokleyzz_at_scan-associates.net)
Date: 09/05/03

  • Next message: _at_stake Advisories: "[VulnWatch] Asterisk SIP Implementation Issue" 
    Date: Fri, 05 Sep 2003 09:41:37 +0800
To: bugtraq@securityfocus.com, vulnwatch@vulnwatch.org

    SCAN Associates Sdn Bhd Security Advisory

    Products: Foxweb 2.5 (http://www.foxweb.com)
    Date: 5th September 2003
    Author: pokleyzz <pokleyzz_at_scan-associates.net>
    Contributors:
        sk_at_scan-associates.net
        shaharil_at_scan-associates.net
        munir_at_scan-associates.net
    URL: http://www.scan-associates.net

    Summary: Foxweb 2.5 buffer in foxweb CGI and ISAPI extension

    Description
    ========
    FoxWeb is a Web application development tool, which can be used to
    quickly and easily integrate your FoxPro and client-server databases
    with the
    Web and to build interactive Web applications for intranets or the
    Internet. Take advantage of the fastest PC-based database engine and
    ease of use
    of Visual FoxPro to create dynamic Web content. Whether you are a
    seasoned developer or a "newbie," FoxWeb provides the tools and resources
    to help you create interactive applications in less time and with less
    effort.

    Details
    ======
    There is buffer overflow in PATH_INFO for foxweb.dll and foxweb.exe
    from foxweb 2.5. It will occur when user suppy overlong PATH_INFO
    (over 3000 byte).
    ex:
        http://www.com/scripts/foxweb.dll/[3000 A's]

    This stackbase overflow is easy to exploit and may lead to command
    execution as webuser.

    Proof of concept
    ============
    [see attachment]

    Vendor Response
    ============
    Vendor has been contacted on 28th July 2003 and patch is available.

  • Next message: _at_stake Advisories: "[VulnWatch] Asterisk SIP Implementation Issue"