Re: [RT-SA-2010-001] Geo++(R) GNCASTER: Insecure handling of long URLs
From: Jeff Williams <jeffwillis30 () gmail com>
Date: Wed, 27 Jan 2010 08:10:37 -0500

RedTeam Pentesting believes it is
also possible to exploit this vulnerability to execute code on the

Can't you open a debugger?

Proof of Concept

The following command can be used to crash the server if it is called
multiple times:

$ curl -i "http://gncaster.example.com:1234/`perl -e 'printf "A"x988'`"

Jeremy's back yo!


A vulnerable server could be protected from this vulnerability by an
application layer firewall that filters overly long HTTP GET requests.


Update GNCASTER to version

Security Risk

This vulnerability can be used for very efficient DoS attacks. This is
especially serious as GNCaster is a real time application that is
typically used by multiple mobile clients that rely on a functioning
server. The vulnerability could potentially also be leveraged to remote
code execution on the server. The risk is therefore regarded as high.


2009-07-06 Vulnerability identified during a penetration test
2009-07-14 Meeting with customer

// 8 days later, wtf?!?

2009-12-01 Vendor releases fixed version
2010-01-27 Advisory released

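The advisory's interim mitigation is an application-layer filter that drops overly long HTTP GET requests before they reach the caster. The following is an added example, not code from the advisory, from RedTeam Pentesting or from the vendor; it shows a minimal request-line length check of that kind plus a detector that counts oversized request targets per client in Common Log Format access logs. The limit MAX_TARGET_LEN, the function names and the sample log lines are constructed for this example.

```python
import re
from collections import Counter

# Constructed threshold for this example: the advisory's proof of concept
# sends a 988-byte path, so anything approaching that is rejected before it
# is forwarded to the caster. Tune to the longest legitimate path in use.
MAX_TARGET_LEN = 512


def parse_request_line(line):
    """Split an HTTP/1.x request line into (method, target, version), or None."""
    parts = line.strip().split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    return parts[0], parts[1], parts[2]


def check_request(raw, max_target_len=MAX_TARGET_LEN):
    """Decide whether a raw client request may be forwarded to the server.

    Returns (allowed, reason). Only the request line is inspected, which is
    all that is needed for the long-URL condition the advisory describes.
    """
    head = raw.split(b"\r\n", 1)[0]
    try:
        line = head.decode("ascii")
    except UnicodeDecodeError:
        return False, "request line is not ASCII"
    parsed = parse_request_line(line)
    if parsed is None:
        return False, "malformed request line"
    _method, target, _version = parsed
    if len(target) > max_target_len:
        return False, "request target too long: %d > %d" % (len(target), max_target_len)
    return True, "ok"


# Common Log Format: client ident user [time] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+')


def long_request_sources(log_lines, max_target_len=MAX_TARGET_LEN):
    """Count, per client address, log entries whose request target exceeds the limit.

    Repeated hits from one source match the advisory's note that the crash
    needs the request to be sent several times.
    """
    hits = Counter()
    for entry in log_lines:
        m = LOG_RE.match(entry)
        if not m:
            continue  # unparsable line; skip rather than crash the detector
        client, request_line = m.group(1), m.group(2)
        parsed = parse_request_line(request_line)
        if parsed is None:
            continue
        if len(parsed[1]) > max_target_len:
            hits[client] += 1
    return dict(hits)


# Constructed sample log: three oversized GETs from one client, normal
# traffic from another, and one line that does not parse at all.
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Jan/2010:08:10:37 -0500] "GET /%s HTTP/1.1" 200 0' % ("A" * 988),
    '198.51.100.7 - - [27/Jan/2010:08:10:38 -0500] "GET /status HTTP/1.1" 200 1532',
    '192.0.2.10 - - [27/Jan/2010:08:10:39 -0500] "GET /%s HTTP/1.1" 200 0' % ("A" * 988),
    '192.0.2.10 - - [27/Jan/2010:08:10:40 -0500] "GET /%s HTTP/1.1" 200 0' % ("A" * 988),
    "garbage line that does not parse",
]


if __name__ == "__main__":
    oversized = b"GET /" + b"A" * 988 + b" HTTP/1.1\r\nHost: gncaster.example.com\r\n\r\n"
    print(check_request(oversized))
    print(check_request(b"GET /status HTTP/1.1\r\nHost: gncaster.example.com\r\n\r\n"))
    print(long_request_sources(SAMPLE_LOG))
```

check_request is the shape of check a reverse proxy in front of the caster would apply to each connection before relaying it; long_request_sources is the equivalent after-the-fact search over access logs, useful for confirming whether a crash was preceded by this pattern.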