Re: Remote Buffer Overrun WebAdmin.exe

From: David A. Pérez (david_at_kamborio.com)
Date: 06/24/03

  • Next message: Marc Schoenefeld: "Privilege escalation applet, Java Media Framework"
    Date: Tue, 24 Jun 2003 22:31:48 +0100
    To: bugtraq@securityfocus.com
    
    

    > NGSSoftware Insight Security Research Advisory
    >
    > Name: Remote System Buffer Overrun WebAdmin.exe
    > Systems Affected: Windows
    > Severity: High Risk
    > Category: Buffer Overrun
    > Vendor URL: http://www.altn.com/
    > Author: Mark Litchfield (mark@ngssoftware.com)
    > Date: 24th June 2003
    > Advisory number: #NISR2406-03

    I've been making a few tests using WebAdmin 2.0.3 running under IIS (WebAdmin.dll)

    On my tests, I haven't been able to exploit this issue beyond the scope of a Denial of Service. The Active Server Pages
    service just reboots itself and two entries are added to the event log:

    Application Log:

    Event Type: Information
    Event Source: Active Server Pages
    Event Category: None
    Event ID: 3
    Date: 24/06/2003
    Time: 22:19:16
    User: N/A
    Computer: XXX
    Description:
    Service started.

    System Log:

    Event Type: Warning
    Event Source: W3SVC
    Event Category: None
    Event ID: 37
    Date: 24/06/2003
    Time: 22:17:33
    User: N/A
    Computer: XXX
    Description:
    Out of process application '/LM/W3SVC/3/Root/WebAdmin' terminated unexpectedly.
    For additional information specific to this message please visit the Microsoft Online Support site located at:
    http://www.microsoft.com/contentredirect.asp.

    David A. Pérez


  • Next message: Marc Schoenefeld: "Privilege escalation applet, Java Media Framework"