Bugtraq mailing list archives
Re: ISS Security Advisory: Buffer Overflow in Netscape Enterprise and FastTrack Web Servers
From: techs () OBFUSCATION ORG (Erik Fichtner)
Date: Thu, 26 Aug 1999 11:59:52 -0400
On Wed, Aug 25, 1999 at 04:08:36PM -0400, X-Force wrote:
Internet Security Systems (ISS) X-Force has discovered a vulnerability in the Netscape Enterprise Server and Netscape FastTrack Server. Netscape produces web servers and web browsers for individuals, small workgroups, and business professionals. An attacker can send the web server an overly long HTTP GET request, overflowing a buffer in the Netscape httpd service and overwriting the process's stack. This allows a sophisticated attacker to force the machine to execute any program code that is sent. The ISS X-Force has demonstrated that it is possible to use this vulnerability to execute arbitrary code as SYSTEM on the server, giving an attacker full control of the machine. Affected Versions: This vulnerability was tested on Enterprise 3.6sp2 and FastTrack 3.01. Fix Information: Apply the Enterprise 3.6 SP 2 SSL Handshake fix, available from Netscape at: http://www.iplanet.com/downloads/patches/detail_12_86.html.
Is this vulnerability in other versions of Enterprise server? Does it exist on all platforms? Is this an issue only with the SSL server (SSL Handshake? huh? what does THAT have to do with a GET request?) or does this affect the entire server? Are patches available for previous versions of Enterprise server?
Additional Information: To download the FlexCheck for this vulnerability for Internet Scanner 6.0, go to the following URL: http://download.iss.net/eval/ISNetscapeGetOverflowFlexCheck.exe
Oh, so the only way we're going to get anything resembling useful information about wether we're running vulnerable servers is if we run out and get a copy of Internet Scanner? -- Erik Fichtner; Warrior SysAdmin (emf|techs) http://www.obfuscation.org/~techs N 38 53.055' W 77 21.860' 764 ft. "When you're having a bad day and it seems like people are trying your patience to no end, remember, it takes 42 muscles to frown and only 4 to pull the trigger on a decent sniper rifle."
Current thread:
- ISS Security Advisory: Buffer Overflow in Netscape Enterprise and FastTrack Web Servers X-Force (Aug 25)
- Re: ISS Security Advisory: Buffer Overflow in Netscape Enterprise and FastTrack Web Servers Erik Fichtner (Aug 26)