
Advisories

SYBSEC-ADV05: Phusion Webserver File Viewing, DoS and Arbitrary Code Execution Vulnerabilities

Title
Phusion Webserver File Viewing, DoS and Arbitrary Code Execution Vulnerabilities
ID
SYBSEC-ADV05
Severity
HIGH - File Viewing, DoS and Arbitrary Code Execution Vulnerabilities
History
10.FEB.2002 Vulnerability discovered
14.FEB.2002 Vendor contacted
Scope
Application Denial of Service and Arbitrary Code Execution Vulnerabilities
Platforms
Any
Author
URL
http://www.sybsecurity.com/advisors/SYBSEC-ADV05-Phusion_Webserver_File_Viewing_DoS_and_Arbitrary_Code_Execution_Vulnerabilities
Release
Public
Overview
Phusion Webserver is a web server for Windows 9x/NT/2000.
Affected versions
The vulnerabilities have been reported in the following web server version:
Phusion Webserver version 1.0
Description
Multiple security vulnerabilities have been found in the product that allow remote attackers to launch a denial-of-service attack, retrieve files that reside outside the normal HTTP bounding directory, overflow an internal buffer causing it to execute arbitrary code, and execute arbitrary commands (via a directory traversal bug).
Workaround
Upgrade to the software version available for download from:
http://www.d-ip.de/homeserver.htm
Acknowledgments
These vulnerabilities were found and researched by:
- Alex Hernandez <ahernandez [at] sybsecurity [dot] com>
References
Details
Traversal exploit 1:

Directory Traversal:
The security vulnerability is exploitable by using a specially crafted URL composed of triple-dot
".../" directory traversal sequences, with HTTP-encoded character representations substituted
for "/" and "\".

Example:

http://www.example.com/.../.../.../.../test.txt

DoS attack:

The server crashes after receiving a very long URL:

Example:

http://10.0.0.1/cgi-bin/AAAAAAAAA...(Ax2500)...AAA

Buffer overflow:

By issuing a long HTTP GET request, it is possible to cause the product to overflow an internal buffer,
causing it to execute arbitrary commands:

Example:
http://10.0.0.1/AAAAAAAAA...(Ax2500)...AAA

Arbitrary command execution:

By using an HTTP GET request prefixed with a '/cgi-bin/' directory, it is possible to execute arbitrary commands
by requesting the 'cmd.exe' executable (similar to the IIS security vulnerability).

Example:

http://10.0.0.1/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c:\
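Detection example:

The request patterns described under Details can be looked for in web server request logs. The following Python classifier is an added example, not part of the original advisory or of the vendor's code; it runs over constructed request lines. The 2048-byte length threshold, the finding labels, the inclusion of command.com and the function name classify are assumptions.

```python
import re
from urllib.parse import unquote_to_bytes

MAX_TARGET_LEN = 2048  # assumed limit; the advisory's examples use about 2500 bytes
SHELL_NAMES = {"cmd.exe", "command.com"}  # command.com is an added assumption

# Constructed sample request lines (not captured traffic).
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.0",
    "GET /.../.../.../.../test.txt HTTP/1.0",
    "GET /...%5c...%2f...%5ctest.txt HTTP/1.0",
    "GET /cgi-bin/" + "A" * 2500 + " HTTP/1.0",
    "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c:\\ HTTP/1.0",
    "GET /docs/v1...2/notes.txt HTTP/1.0",
]

def classify(request_line):
    """Return the list of advisory patterns matched by one HTTP request line."""
    parts = request_line.split(" ")
    if len(parts) < 2:
        return ["malformed"]
    target = parts[1]
    path = target.partition("?")[0]
    findings = []
    if len(target) > MAX_TARGET_LEN:
        findings.append("overlong-url")
    raw = unquote_to_bytes(path)  # undo one layer of %xx encoding
    try:
        raw.decode("utf-8")
    except UnicodeDecodeError:
        # e.g. %c1%1c: 0xC1 is never a valid UTF-8 lead byte
        findings.append("invalid-utf8-encoding")
    # Treat "\" like "/" so encoded backslashes cannot hide a separator.
    segments = raw.decode("latin-1").replace("\\", "/").split("/")
    if any(re.fullmatch(r"\.{2,}", seg) for seg in segments):
        findings.append("dot-traversal")  # "..", "..." and longer dot runs
    if segments[-1].lower() in SHELL_NAMES:
        findings.append("shell-executable")
    return findings

if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print(classify(line), line[:60])
```

The last sample line is a negative control: dots inside a file or directory name are not flagged, only path segments made up entirely of two or more dots.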
Exploit tool