The 4D webserver v4.7.3 has a buffer overflow condition in the username or password field in a basic authentication resulting in EIP overwrite and possible arbitrary code execution.
b96f3931116f62370d7fc24b352b14216c1aa472d09e0f7a13ec66181f1c021f
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
iXsecurity Security Vulnerability Report
No: iXsecurity.20020404.4d_webserver.a
======================================
Vulnerability Summary
- -------------------
Problem: The 4D webserver has a buffer overflow
condition.
Threat: An attacker could make the webserver crash
and possibly execute arbitrary code.
Affected Software: 4D Webserver version 6.7.3 verified.
Platform: Windows verified.
Solution: Update to the version mentioned below.
Vulnerability Description
- -----------------------
An attacker could overflow the username or password field in a basic
authentication resulting in EIP overwrite and possible arbitrary code
execution. There are a few checks of the buffer, including a check to
make sure only "valid" characters are sent. If "invalid" characters
are found the copy is terminated. Ironicaly there is no bounds check.
Because of the various checks, it is a bit more complicated to
exploit, since it minimizes the code one can include in the buffer.
Solution
- ------
The solution for Bug Number: ACI0021102 is to upgrade to the latest
version, which will be 4D 6.7.4 or 4D 6.8.1.
Additional Information
- --------------------
4D was contacted 20020405.
This vulnerability was found and researched by
Patrik Karlsson & Jonas Ländin
patrik@cqure.net
jonas@cqure.net
This document is also available at: http://www.cqure.net/advisories/
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.1
iQA/AwUBPNaGdY118uy6FU2iEQLbJACeJCS6/8db4ISc7tp5tN59OeIdEV8Anioz
t+8A0jZ4lOEt2MoDgqBWKvIK
=ig7I
-----END PGP SIGNATURE-----