Tornado www-server v1.2: directory traversal, buffer overflow

From: D4rkGr3y (grey_1999_at_mail.ru)
Date: 05/30/03

    Date: Thu, 29 May 2003 16:09:45 -0700
    To: bugtraq@security.nnov.ru, bugtraq@securityfocus.com
    
    

    -----BEGIN PGP SIGNED MESSAGE-----

    ################################################################
    # _____ __ __ ___ #
    # ........\ \.| |.| |/ \........ #
    # : / \| | | | __> : #
    # : / _ \ |_| | / __ : #
    # : / / \ | <_/ \ : #
    # :..../ _/ / _ | ` \....: #
    # : \_________/__| |__|_______/ : #
    # : Damage Hacking Group : #
    # : Security Advisory : #
    # :.............................: #
    # #
    # http://www.dhgroup.org #
    #b d#
    ##b,________________________________________________________.d##
    | |
      Product: Tornado www-server v1.2
      Authors: www.softrex.com/tornado/
    | Vulnerability: multiple bugs |
    #--------------------------------------------------------------#
    | Overview: |
      ~~~~~~~~~

      Another HTTP server
    | |
    #--------------------------------------------------------------#
    | Problem: |
      ~~~~~~~~

     This server is one BiG problem. IMHO it is the most dangerous
     server. The main bug is in its DNA ;D An attacker may see any
     file on the system (but only if he knows the path and filename),
     and may crash the server (and exec malicious code) by sending a
     long HTTP request. Examples:

     www.server.com/../existing_file <- file will be shown
     
     www.server.com/aa[more than 471 chars]
    | |
    #--------------------------------------------------------------#
    | Exploit: |
      ~~~~~~~~
      
     Naah, it's not interesting. Let the authors code something better.
    | |
    #--------------------------------------------------------------#
    | :wow: |
       ~~~
       NeKr0 /DHG www.dhgroup.org
    | |
    #______________________________________________________________#
     \___________________________da_end___________________________/

    Best regards www.dhgroup.org
      D4rkGr3y icq 540981

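Server-side checks that would reject both request shapes shown in the advisory above (a `/../` path that leaves the document root, and an over-long request line), as an added example that is not code from the advisory or from the product's authors. The function name `safe_request_path`, the `MAX_URI` limit and the treatment of `\` as a separator are assumptions made for this sketch, and the URI is assumed to be percent-decoded already.

```c
#include <stddef.h>
#include <string.h>

#define MAX_URI 256   /* assumed cap for this example; enforced before any copy */

/* Hypothetical helper: normalise a request path into out (capacity outsz).
 * Returns 0 on success, -1 if the path is over-long, malformed, or would
 * climb above the document root. */
int safe_request_path(const char *uri, char *out, size_t outsz)
{
    size_t len = 0, o = 0;
    const char *p = uri;

    while (len <= MAX_URI && uri[len]) len++;      /* bounded length scan */
    if (len == 0 || len > MAX_URI || uri[0] != '/' || outsz < 2)
        return -1;

    while (*p) {
        const char *seg;
        size_t n;

        while (*p == '/' || *p == '\\') p++;       /* skip separators */
        seg = p;
        while (*p && *p != '/' && *p != '\\') p++;
        n = (size_t)(p - seg);

        if (n == 0 || (n == 1 && seg[0] == '.'))
            continue;                              /* empty or "." segment */
        if (n == 2 && seg[0] == '.' && seg[1] == '.') {
            if (o == 0) return -1;                 /* ".." at root: escape attempt */
            while (o > 0 && out[--o] != '/') ;     /* drop the last segment */
            continue;
        }
        if (o + 1 + n + 1 > outsz) return -1;      /* room for '/', segment, NUL */
        out[o++] = '/';
        memcpy(out + o, seg, n);
        o += n;
    }
    if (o == 0) out[o++] = '/';                    /* bare root request */
    out[o] = '\0';
    return 0;
}
```

The normalised result is meant to be appended to the document root only after this function returns 0; a request that fails is answered with an error rather than passed to the file system.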

