Moozatech: MyServer Buffer Overflow vulnerability

From: Moran (moran_at_moozatech.com)
Date: 09/12/03

    To: <bugtraq@securityfocus.com>, <vuln-dev@securityfocus.com>
    Date: Fri, 12 Sep 2003 06:58:29 -0700
    
    
    

    12/09/03

    Moozatech Advisory http://www.moozatech.com/mt-12-09-2003.txt

    -------------------------------------------------------

    Application: MyServer Web Server
    Web Site: http://myserverweb.sf.net
    Versions: 0.4.3 and below
    Platform: Windows 98, Windows 2000, Linux
    Bug: Buffer Overflow.
    Risk: Remote DOS and unauthorized remote access.
    Severity: High
    Fix Available: Yes
    -------------------------------------------------------

    1) Introduction
    2) Bug
    3) The Code
    4) Fix
    5) About Moozatech

    ===============
    1) Introduction
    ===============

    MyServer is a free, powerful web server program designed to be easily run on
    a personal computer by the average computer user.
    It is a multithreaded application and supports the HTTP, CGI, ISAPI, WinCGI
    and FastCGI protocols.

    ======
    2) Bug
    ======

    A buffer overflow might allow a remote attacker to invoke malicious code by
    submitting a request containing excessive data.
    The request causes a buffer overflow and might allow the attacker to run
    code of their choice under the web server's privileges.
    The problem is in the MSCGI library (cgi-lib.dll), which does not correctly
    handle long string values for the URI variables.

    ====================
    3) Proof of concept.
    ====================

    nc.exe -v www.victim.com < request.txt

    --
    The script is attached.
    This will crash the program with a memory overflow.

    ======
    4) Fix
    ======
    The author has confirmed this bug, and a temporary fix is available through
    the MyServer CVS repository at:
    http://myserverweb.sourceforge.net/cvs.php
    A complete patch will be available in the next release of MyServer.

    ==================
    5) About Moozatech
    ==================
    Moozatech IT Systems Ltd. (“Moozatech”) is a leading information security
    consulting and project management firm focused on developing
    "Secure IT Solutions" which best suit the client's operational needs.
    Moozatech devotes time to making a secure computing environment for
    customers.
    -----
    Moran Zavdi
    Moozatech IT Systems
    www.moozatech.com
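
The bug class described in section 2 (a long URI variable value copied into a fixed-size buffer), as an added C example that is not code from MyServer or from the advisory: the unsafe copy pattern beside a length-checked lookup. The buffer size `VAR_MAX`, the function names and the sample query are assumptions; the page does not show the cgi-lib.dll source.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define VAR_MAX 64 /* assumed buffer size; the page does not give the real one */

/* Unsafe pattern, shown for contrast and never called here: strcpy() writes
 * past out[] as soon as the value is VAR_MAX bytes or longer. */
void get_var_unsafe(const char *value, char out[VAR_MAX]) {
    strcpy(out, value);
}

/* Hardened lookup of `name` in a query string such as "a=1&b=2".
 * Returns the value length, -1 if the name is absent, or -2 if the value
 * does not fit in out[] (rejected rather than silently truncated). */
int get_var_checked(const char *query, const char *name, char *out, size_t out_sz) {
    size_t name_len = strlen(name);
    const char *p = query;
    while (p && *p) {
        const char *end = strchr(p, '&');
        size_t pair_len = end ? (size_t)(end - p) : strlen(p);
        if (pair_len > name_len && p[name_len] == '=' && strncmp(p, name, name_len) == 0) {
            size_t val_len = pair_len - name_len - 1;
            if (val_len >= out_sz) return -2; /* length check before any copy */
            memcpy(out, p + name_len + 1, val_len);
            out[val_len] = '\0';
            return (int)val_len;
        }
        p = end ? end + 1 : NULL;
    }
    return -1;
}

/* Builds the constructed query "id=7&name=AAAA..." with n filler bytes and
 * returns what the hardened lookup reports for "name" (-3 on allocation failure). */
int lookup_with_value_len(size_t n) {
    char out[VAR_MAX];
    char *query = malloc(n + 16);
    if (!query) return -3;
    strcpy(query, "id=7&name=");
    memset(query + 10, 'A', n);
    query[10 + n] = '\0';
    int rc = get_var_checked(query, "name", out, sizeof out);
    free(query);
    return rc;
}

int main(void) {
    printf("63 -> %d, 64 -> %d\n", lookup_with_value_len(63), lookup_with_value_len(64));
    return 0;
}
```

Returning an error for an oversized value lets the server answer with a 4xx response instead of processing a truncated or overflowing variable.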