Bugtraq mailing list archives
Re: Tornado www-server v1.2: directory traversal, buffer overflow
From: "Berend-Jan Wever" <SkyLined () edup tudelft nl>
Date: Mon, 2 Jun 2003 09:40:22 +0200
I've done a quick debugging session: The overflow does not seem exploitable other then a DoS. What happens is that there is not enough heap to hold the long strings so it writes past the heap to a location where no memory is allocated. This will cause an unhandled exception. Kind regards, Berend-Jan Wever. ----- Original Message ----- From: "D4rkGr3y" <grey_1999 () mail ru> To: <bugtraq () security nnov ru>; <bugtraq () securityfocus com> Sent: Friday, May 30, 2003 1:09 Subject: Tornado www-server v1.2: directory traversal, buffer overflow <snip>
This server is one BiG problem. IMHO is most dangerous server. Main bug in DNA ;D Attacker may see any files in system (but only if he know path and filename), may crash server (and exec malicious code) by sending long http request. Examples: www.server.com/../existing_file <-file be showed www.server.com/aa[more than 471 chars] | | #--------------------------------------------------------------# | Exploit: | ~~~~~~~~ Naah, its not interesting. Lets authors code something better.
<snip>
Current thread:
- Re: Tornado www-server v1.2: directory traversal, buffer overflow Berend-Jan Wever (Jun 03)