Bugtraq mailing list archives
Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
From: labs () USSRBACK COM (Ussr Labs)
Date: Thu, 23 Dec 1999 03:58:15 -0300
Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT USSR Advisory Code: USSR-99024 Release Date: December 23, 1999 Systems Affected: ZBServer 1.5 Pro Edition for Win98/NT and possibly others versions. About The Software: ZBServer Pro Edition is a full-featured Internet/Intranet server software package that includes HTTP (web), Gopher, FTP and Chat Services. Fast, inexpensive and easy-to-use, ZBServer Pro is small enough to run in the background of your Windows 95 or NT computer to provide users with full or restricted access to files, graphics, sounds or movies. ZBServer Pro can provide organizations of all sizes enterprise-wide web service to internal and external TCP/IP network users THE PROBLEM UssrLabs found a Local / Remote Buffer overflow, The code that handles GET commands has an unchecked buffer that will allow arbitrary code to be executed if it is overflowed. Do you do the w00w00? This advisory also acts as part of w00giving. This is another contribution to w00giving for all you w00nderful people out there. You do know what w00giving is don't you? http://www.w00w00.org/advisories.html Binary or source for this Exploit: http://www.ussrback.com/ Vendor Status: i email the vendor, and i dont have a responce :( Vendor Url: http://www.zbserver.com/ Program Url: http://www.zbsoft.com/zbserver/index.htm Credit: USSRLABS SOLUTION Noting yet. Greetings: Eeye, Attrition, w00w00, beavuh, Rhino9, ADM, L0pht, HNN, Technotronic and Wiretrip. u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h http://www.ussrback.com
Current thread:
- [w00giving '99 #11] IMail's password encryption scheme Matt Conover (Dec 20)
- Re: [w00giving '99 #11] IMail's password encryption scheme Steven Alexander (Dec 21)
- Warning to Bugtraq posters. Steven Alexander (Dec 22)
- Re: Warning to Bugtraq posters. Richard M. Smith (Dec 23)
- Re: [w00giving '99 #11] IMail's password encryption scheme Mikael Olsson (Dec 22)
- Re: [w00giving '99 #11] IMail's password encryption scheme Steven Alexander (Dec 22)
- Re: [w00giving '99 #11] IMail's password encryption scheme Benjamin Congdon (Dec 22)
- Re: [w00giving '99 #11] IMail's password encryption scheme Steven Alexander (Dec 23)
- FYI, SCO Security patches available. Aaron Sigel (Dec 23)
- Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT Ussr Labs (Dec 22)
- Warning to Bugtraq posters. Steven Alexander (Dec 22)
- Lotus Notes HTTP cgi-bin vulnerability: possible workaround Bram Kerkhof (Dec 22)
- Re: [w00giving '99 #11] IMail's password encryption scheme Steven Alexander (Dec 21)