AOLserver 3.0 vulnerability
From: Bob Rogers (rogers-bugtraq@rgrjr.dyndns.org)Date: 08/23/01
- Previous message: Michael Kjorling: "Re: Another sendmail exploit [local root compromise]"
- In reply to: Nate Haggard: "AOLserver 3.0 vulnerability"
- Next in thread: KF: "Re: AOLserver 3.0 vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <15236.64804.937854.768693@h0050da615e79.ne.mediaone.net> Date: Thu, 23 Aug 2001 08:55:00 -0400 From: Bob Rogers <rogers-bugtraq@rgrjr.dyndns.org> To: Nate Haggard <nate@securitylogics.com> Subject: AOLserver 3.0 vulnerability
From: Nate Haggard <nate@securitylogics.com>
Date: Wed, 22 Aug 2001 16:51:45 -0600
Aolserver 3.0 will crash when it is given a long authorization string. It
is also possible this vulnerability will allow a hacker to execute
arbitrary code through a buffer overflow. I have not verified a buffer
overflow exists. Aolserver 3.4 and 3.3.1 are not vulnerable to this attack.
AOLserver 3.2 is also vulnerable (Red Hat 6.0++, kernel 2.2.19).
Here is a sample exploit
------------------------------------------
. . .
$killme = "GET / HTTP/1.0\nAuthorization: Basic ".$junk."\r\n\r\n";
. . .
Shouldn't this be
$killme = "GET / HTTP/1.0\r\nAuthorization: Basic ".$junk."\r\n\r\n";
instead? Doesn't matter, though; it seems to make AOLserver hang either
way.
-- Bob Rogers
- Previous message: Michael Kjorling: "Re: Another sendmail exploit [local root compromise]"
- In reply to: Nate Haggard: "AOLserver 3.0 vulnerability"
- Next in thread: KF: "Re: AOLserver 3.0 vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
