Bugtraq mailing list archives

Re: ISS Security Advisory: Buffer Overflow in Netscape Enterprise and FastTrack Web Servers

From: techs () OBFUSCATION ORG (Erik Fichtner)
Date: Thu, 26 Aug 1999 11:59:52 -0400


On Wed, Aug 25, 1999 at 04:08:36PM -0400, X-Force wrote:

Internet Security Systems (ISS) X-Force has discovered a vulnerability in
the Netscape Enterprise Server and Netscape FastTrack Server. Netscape
produces web servers and web browsers for individuals, small workgroups, and
business professionals. An attacker can send the web server an overly long
HTTP GET request, overflowing a buffer in the Netscape httpd service and
overwriting the process's stack. This allows a sophisticated attacker to
force the machine to execute any program code that is sent. The ISS X-Force
has demonstrated that it is possible to use this vulnerability to execute
arbitrary code as SYSTEM on the server, giving an attacker full control of
the machine.

Affected Versions:

This vulnerability was tested on Enterprise 3.6sp2 and FastTrack 3.01.

Fix Information:

Apply the Enterprise 3.6 SP 2 SSL Handshake fix, available
from Netscape at:
http://www.iplanet.com/downloads/patches/detail_12_86.html.


Is this vulnerability in other versions of Enterprise server?   Does
it exist on all platforms?   Is this an issue only with the SSL server
(SSL Handshake? huh? what does THAT have to do with a GET request?) or
does this affect the entire server?   Are patches available for previous
versions of Enterprise server?

Additional Information:

To download the FlexCheck for this vulnerability for Internet Scanner 6.0,
go to the following URL:

http://download.iss.net/eval/ISNetscapeGetOverflowFlexCheck.exe


Oh, so the only way we're going to get anything resembling useful
information about wether we're running vulnerable servers is if we run out
and get a copy of Internet Scanner?


--
Erik Fichtner; Warrior SysAdmin (emf|techs)
http://www.obfuscation.org/~techs      N 38 53.055'  W 77 21.860'  764 ft.
"When you're having a bad day and it seems like people are trying your
patience to no end, remember, it takes 42 muscles to frown and only 4 to pull
the trigger on a decent sniper rifle."

Current thread:

ISS Security Advisory: Buffer Overflow in Netscape Enterprise and FastTrack Web Servers X-Force (Aug 25)
- Re: ISS Security Advisory: Buffer Overflow in Netscape Enterprise and FastTrack Web Servers Erik Fichtner (Aug 26)