Vulnerability Development mailing list archives
Re: ALERT: Working Resources BadBlue #2 (DoS, Heap Overflow)
From: <badc0ded () badc0ded com>
Date: Wed, 26 Jun 2002 20:48:09 -0700
----- Original Message -----
From: "Matthew Murphy" <mattmurphy () kc rr com>
To: "SecurITeam News" <news () securiteam com>; <bugtraq () securityfocus com>
Sent: Monday, July 08, 2002 8:36 PM
Subject: ALERT: Working Resources BadBlue #2 (DoS, Heap Overflow)
ALERT: Working Resources BadBlue #2

Vendor Notified: July 8, 2002

Working Resources have been informed of a pair of denial of service conditions in the BadBlue PWS. The first vulnerability lies in the way a GET request is handled. A specially crafted GET request can crash the target server. Also, a remotely exploitable overflow was found in an ISAPI that ships with the server. Exploitation of this vulnerability will cause an access violation, and does not seem to allow code execution.

Additional technical details will be made available as fixes are released for the vulnerabilities in question.

Alert Published July 8, 2002

"The reason the mainstream is thought of as a stream is because it is so shallow." - Author Unknown
A month or so ago I decided to lose my win32 virginity, so to speak, and downloaded some software from downloads.com. One of the programs I downloaded was badblue and I seem to recall something about a /%2e%2e%2f/ directory traversal issue. At the time I didn't think about it too much, being heartbroken over not finding a decent debugger for windows, and left the software alone. But after seeing posts on bugtraq about badblue I figured maybe vuln-dev would be interested in this.

Oh btw, what debuggers are you people using on windows?