
safer.000229.EXP.1.3

Posted Mar 1, 2000
Site safermag.com

S.A.F.E.R. Security Bulletin 000229.EXP.1.3 - Buffer Overflow in Netscape Enterprise Server. Netscape Enterprise Server is a web server with a long history of security problems. We have tested version 3.6 SP2 on Windows NT 4.0 Server edition, and found it to be vulnerable to a buffer overflow. Remote execution of code is possible.

tags | remote, web, overflow
systems | windows, nt
MD5 | bf645adf338c676adf98e5b63ac137af

__________________________________________________________

S.A.F.E.R. Security Bulletin 000229.EXP.1.3
__________________________________________________________


TITLE : Buffer Overflow in Netscape Enterprise Server
DATE : February 29, 2000
NATURE : Denial-of-Service, Remote Code Execution
PLATFORMS : Windows NT 4.0, possibly others

DETAILS:

Netscape Enterprise Server is a web server with a long history of security
problems. We have tested version 3.6 SP2 on Windows NT 4.0 Server
edition, and found it to be vulnerable to a buffer overflow.


PROBLEM:

A buffer overflow exists in Netscape Enterprise Server version 3.6 SP2,
and possibly others, which allows remote users to execute arbitrary
code. A request that causes the httpd.exe process to crash is (for
example):

GET /[4080 x 'A'] HTTP/1.0

The method does not seem to matter at all, but the length of the
request does. You can use BLAH as a method (instead of GET), or any
other string you wish. Dr. Watson pops up with a message:

" Exception access violation (0xc0000005), Address 0x41414141 "

Remote execution of code is possible.
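
Because the trigger is the length of the request line and not the method, a front-end filter or log/capture review has to key on length and accept any method token. The following Python check is an added example, not part of the original bulletin; the 2048-byte limit, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed limit: far above ordinary URLs, well below the ~4080-byte path in the bulletin.
MAX_REQUEST_LINE = 2048

# Any non-space token is accepted as the method: the bulletin notes that
# "BLAH" works as well as "GET", so an allow-list of methods would miss it.
REQUEST_LINE = re.compile(rb"^(\S+) (\S*) (HTTP/\d\.\d)$")

def longest_run(data: bytes) -> int:
    """Length of the longest run of one repeated byte (filler such as 'AAAA...')."""
    best = run = 0
    prev = None
    for b in data:
        run = run + 1 if b == prev else 1
        prev = b
        best = max(best, run)
    return best

def inspect_request_line(line: bytes, limit: int = MAX_REQUEST_LINE) -> dict:
    """Classify one raw request line (CRLF optional) by length, not by method."""
    line = line.rstrip(b"\r\n")
    m = REQUEST_LINE.match(line)
    return {
        "method": m.group(1).decode("latin-1") if m else None,
        "well_formed": m is not None,
        "length": len(line),
        "oversized": len(line) > limit,
        "filler_run": longest_run(line),
    }

def flag_oversized(lines, limit: int = MAX_REQUEST_LINE) -> list:
    """Return the inspection records of every request line over the limit."""
    records = (inspect_request_line(l, limit) for l in lines)
    return [r for r in records if r["oversized"]]

# Constructed sample input (not captured traffic).
SAMPLE = [
    b"GET /index.html HTTP/1.0",
    b"GET /" + b"A" * 4080 + b" HTTP/1.0",
    b"BLAH /" + b"A" * 4080 + b" HTTP/1.0",
    b"POST /cgi-bin/form?x=1 HTTP/1.0",
]

if __name__ == "__main__":
    for rec in flag_oversized(SAMPLE):
        print(rec)
```

Run it against data from a reverse proxy, IDS or packet capture in front of the server, since a request that crashes httpd.exe may never reach the server's own access log.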


FIXES:

The problem is present in Netscape Enterprise Server 3.6 SP2, running
on the Windows NT platform. We have also tested Netscape Enterprise Server
3.51I running on Solaris, and found it not to be vulnerable.

Until the official statement from Netscape is released, consider the
possibility that all versions are vulnerable.

We have tried to contact Netscape and inform them about vulnerabilities
(including this buffer overflow, and a few others) in their web server,
but have received no reply (or acknowledgments) until now. This problem
was found 3 months ago, and Netscape was contacted in January 2000
on several occasions. We would be happy if Netscape would contact us, so
that we can let them know about a few more security problems that have
been found in Netscape Enterprise Server.


JOB OFFERS:

The Relay Group is seeking security enthusiasts with vast experience in
intrusion testing, and firewall/IDS configuration. For more information,
please visit:

http://relaygroup.com/secjobs.html


___________________________________________________________

S.A.F.E.R. - Security Alert For Entreprise Resources
Copyright (c) 2000, The Relay Group
http://www.safermag.com ---- security@relaygroup.com
___________________________________________________________
