Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

TelCondex SimpleWebserver Buffer Overflow
From: "Oliver Karow" <Oliver.Karow () gmx de>
Date: Wed, 29 Oct 2003 09:49:23 +0100 (MET)
TelCondex SimpleWebserver Buffer Overflow
=========================================

The TelCondex SimpleWebserver 2.12.30210 Build 3285 is vulnerable to a 
remote executable buffer overflow, due to missing length check on the 
referer-variable of the HTTP-header.

It is possible to overwrite the stack, and therefore to execute 
arbitrary code on the system. 

The vuln can be tested with netcat or telnet:

netcat webserver 80

GET /index.htm HTTP/1.0\r\n
Referer: 700 x [A]\r\n\r\n

The Webserver crashes at >= 700 bytes. A buffer of 704 bytes will overwrite 
the return address on the stack.

The vendor was informed about the vuln on Mon. 27.10.03, and respondet
on Tue. 28.10.03 with a fixed version!

The new (fixed) version (2.13) is available at:

http://www.yourinfosystem.de/download/TcSimpleWebServer2000Setup.exe


Regards,

Oliver Karow

email: oliver.karow_AT_gmx.de
web:   www.oliverkarow.de

-- 
NEU FÜR ALLE - GMX MediaCenter - für Fotos, Musik, Dateien...
Fotoalbum, File Sharing, MMS, Multimedia-Gruß, GMX FotoService

Jetzt kostenlos anmelden unter http://www.gmx.net

+++ GMX - die erste Adresse für Mail, Message, More! +++

  By Date           By Thread  

Current thread:
  • TelCondex SimpleWebserver Buffer Overflow Oliver Karow (Oct 29)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]