Buffer Overflow in Netware Web Server PERL Handler

From: Uffe Nielsen (uni_at_protego.dk)
Date: 07/23/03

    To: <bugtraq@securityfocus.com>
    Date: Wed, 23 Jul 2003 16:17:46 +0200
    
    

    Topic: Buffer Overflow in Netware Web Server PERL Handler
    Platform : Netware 5.1 SP6, Netware 6 under certain conditions.
    Application : NetWare Enterprise Web Server
    Advisory URL: http://www.protego.dk/advisories/200301.html
    Identifiers: CERT: VU# 185593, CVE: CAN-2003-0562
    Vendor Name: Novell, Inc.
    Vendor URL: http://www.novell.com
    Vendor contacted: 10-Feb-2003
    Public release: 23-Jul-2003

    Problem:
    The Netware Enterprise Server does not perform proper bounds checking on
    requests passed to the Perl interpreter through the perl virtual
    directory. This results in a buffer overflow condition when large
    requests are sent to the Perl interpreter.

    Details:
    The issue can be triggered by requesting the perl virtual directory
    followed by a long string.

    http://server/perl/aaaaaa...[Unspecified number of characters]

    The vulnerability occurs in the CGI2PERL.NLM module.

    Impact:
    A request like the above will overrun the allocated buffer and overwrite
    EIP, causing the server to ABEND and either suspend the process or
    restart itself, thereby creating a Denial of Service situation.

    Corrective actions:
    Novell has made a patch for this issue:
    http://support.novell.com/servlet/tidfinder/2966549

    Disclaimer:
    The information within this document may change without notice. Use of
    this information constitutes acceptance for use in an "AS IS" condition.
    There are NO warranties with regard to this information. In no event
    shall PROTEGO be liable for any consequences or damages, including
    direct, indirect, incidental, consequential, loss of business profits or
    special damages, arising out of or in connection with the use or spread
    of this information. Any use of this information lies within the user's
    responsibility. All registered and unregistered trademarks represented
    in this document are the sole property of their respective owners.
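
Added example, not part of the PROTEGO advisory or any Novell code: a log check that flags the request shape described under Details (the perl virtual directory followed by a long string) so unpatched servers can be monitored. Assumptions: the access log is in Common Log Format, the 256-character threshold is arbitrary because the advisory gives no length, the /perl/ prefix is matched case-insensitively, and all function and variable names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Assumed alert threshold: the advisory gives no overflow length, so tune it
# to the longest legitimate script URL on the server.
MAX_PERL_REQUEST = 256
PREFIX = "/perl/"

# Common Log Format (assumed). The request field is matched loosely because
# an oversized request may be logged truncated, without the HTTP version.
CLF = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                 r'"(?P<req>.*)" (?P<status>\d{3}|-) (?P<size>\d+|-)$')

def perl_request_length(request):
    """Decoded length of what follows /perl/, or None for other requests."""
    parts = request.split(" ")
    if len(parts) < 2:
        return None
    url = urlsplit(parts[1])
    path = unquote(url.path)
    if not path.lower().startswith(PREFIX):  # case-insensitive (assumption)
        return None
    return len(path) - len(PREFIX) + len(unquote(url.query))

def find_oversized(lines, limit=MAX_PERL_REQUEST):
    """Group oversized /perl/ requests by client address."""
    hits = defaultdict(list)
    for line in lines:
        m = CLF.match(line.strip())
        if m is None:
            continue  # skip lines that are not in the expected format
        length = perl_request_length(m["req"])
        if length is not None and length > limit:
            hits[m["ip"]].append((m["ts"], length, m["status"]))
    return dict(hits)

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Jul/2003:10:01:12 +0200] "GET /perl/env.pl HTTP/1.0" 200 512',
    '192.0.2.44 - - [23/Jul/2003:10:02:40 +0200] "GET /perl/' + "a" * 600 + ' HTTP/1.0" 500 -',
    '192.0.2.44 - - [23/Jul/2003:10:02:41 +0200] "GET /PERL/' + "%41" * 300 + '" - -',
    '198.51.100.7 - - [23/Jul/2003:10:03:05 +0200] "GET /docs/' + "b" * 600 + ' HTTP/1.0" 404 -',
    'not a log line',
]

if __name__ == "__main__":
    for ip, events in find_oversized(SAMPLE_LOG).items():
        for ts, length, status in events:
            print(f"{ip} {ts} /perl/ request of {length} chars, status {status}")
```

The length is measured after percent-decoding, so an encoded request is judged by the size the handler would receive rather than by its size on the wire.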

