Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: Tornado www-server v1.2: directory traversal, buffer overflow
From: "Berend-Jan Wever" <SkyLined () edup tudelft nl>
Date: Mon, 2 Jun 2003 09:40:22 +0200
I've done a quick debugging session: The overflow does not seem exploitable
other then a DoS.
What happens is that there is not enough heap to hold the long strings so it
writes past the heap to a location where no memory is allocated. This will
cause an unhandled exception.

Kind regards,

Berend-Jan Wever.

----- Original Message ----- 
From: "D4rkGr3y" <grey_1999 () mail ru>
To: <bugtraq () security nnov ru>; <bugtraq () securityfocus com>
Sent: Friday, May 30, 2003 1:09
Subject: Tornado www-server v1.2: directory traversal, buffer overflow
<snip>

 This server is one BiG problem. IMHO is most dangerous server.
 Main bug in DNA ;D Attacker may see any files in system (but
 only if he know path and filename), may crash server (and exec
 malicious code) by sending long http request. Examples:

 www.server.com/../existing_file           <-file be showed

 www.server.com/aa[more than 471 chars]
|                                                              |
#--------------------------------------------------------------#
| Exploit:                                                     |
  ~~~~~~~~

 Naah, its not interesting. Lets authors code something better.

<snip>

  By Date           By Thread  

Current thread:
  • Re: Tornado www-server v1.2: directory traversal, buffer overflow Berend-Jan Wever (Jun 03)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]