Re: [RT-SA-2010-001] Geo++(R) GNCASTER: Insecure handling of long URLs
From: Jeff Williams <jeffwillis30 () gmail com>
Date: Wed, 27 Jan 2010 08:10:37 -0500
> RedTeam Pentesting believes it is
> also possible to exploit this vulnerability to execute code on the

Can't you open a debugger?

> Proof of Concept
> The following command can be used to crash the server if it is called
> $ curl -i "http://gncaster.example.com:1234/`perl -e 'printf "A"x988'`"

Jeremy's back yo!

> A vulnerable server could be protected from this vulnerability by an
> application layer firewall that filters overly long HTTP GET requests.
> Update GNCASTER to version 220.127.116.11.
> This vulnerability can be used for very efficient DoS attacks. This is
> especially serious as GNCaster is a real time application that is
> typically used by multiple mobile clients that rely on a functioning
> server. The vulnerability could potentially also be leveraged to remote
> code execution on the server. The risk is therefore regarded as high.
> 2009-07-06 Vulnerability identified during a penetration test
> 2009-07-14 Meeting with customer

// 8 days later, wtf?!?

> 2009-12-01 Vendor releases fixed version
> 2010-01-27 Advisory released
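The workaround the quoted advisory mentions, an application-layer filter that drops overly long GET requests, as an added example that is not part of this message, the advisory, or the vendor's code: a request-line check of the kind a reverse proxy or WAF rule would apply in front of the server. The 256-byte limit is an assumed policy value (not taken from the advisory), and the sample request lines are constructed, including one shaped like the quoted proof of concept (988 bytes of "A").

```python
"""Request-target length filter in the spirit of the application-layer
firewall workaround quoted above.  Constructed example, not the vendor's
or RedTeam's code; MAX_TARGET_LENGTH is an assumed policy value."""
import re

# Assumed policy: reject any request whose target (path + query) is longer
# than this.  Choose it from the longest URL the application legitimately
# serves, with some headroom, so normal clients are never affected.
MAX_TARGET_LENGTH = 256

# HTTP/1.x request line: METHOD SP request-target SP HTTP-version
REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/(?P<version>\d\.\d)$")


def check_request_line(line: str, max_target_length: int = MAX_TARGET_LENGTH) -> tuple:
    """Return ("allow", reason) or ("reject", reason) for one request line.

    The length is measured on the raw, still percent-encoded target, i.e.
    the bytes the backend would actually receive, so encoding tricks do not
    shrink the measured size.  Malformed lines are rejected outright rather
    than forwarded to a parser we do not trust with odd input.
    """
    m = REQUEST_LINE.match(line.rstrip("\r\n"))
    if m is None:
        return ("reject", "malformed request line")
    target = m.group("target")
    if len(target) > max_target_length:
        return ("reject", f"request-target length {len(target)} exceeds {max_target_length}")
    return ("allow", f"{m.group('method')} {target} ok")


def filter_requests(lines):
    """Apply check_request_line to each line; returns a list of (verdict, reason)."""
    return [check_request_line(line) for line in lines]


# Constructed sample request lines: a normal short request, the shape of the
# quoted proof of concept (988 bytes of 'A' in the path), and a malformed line.
SAMPLE_REQUESTS = [
    "GET /stream HTTP/1.1",
    "GET /" + "A" * 988 + " HTTP/1.1",
    "not an http request line",
]

if __name__ == "__main__":
    for line, (verdict, reason) in zip(SAMPLE_REQUESTS, filter_requests(SAMPLE_REQUESTS)):
        print(f"{verdict:6s} {reason}")
```

Rejected lines are the ones worth logging with the client address: a burst of them from one source is the cheap DoS the advisory describes, and the log is what tells you the filter is earning its keep rather than silently dropping legitimate traffic.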
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/