Full Disclosure mailing list archives

Essentia Web Server 2.12 (Linux)


From: B-r00t <br00t () blueyonder co uk>
Date: Fri, 4 Jul 2003 12:33:54 +0000 (GMT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

        Title:          Buffer Overflow in Linux Essentia Webserver.
        Author:         By B-r00t <br00t () blueyonder co uk>
        Date:           04/07/2003
        Reference:      http://www.essencomp.com/
        Versions:       Essentia Web Server 2.12 (Linux) => VULNERABLE
        Related Info:   http://www.securityfocus.com/bid/4159/info/

        Exploit:        [attached] essenexploit.c


The same buffer overflow condition discovered in the Essentia webserver
for Windows (http://www.securityfocus.com/bid/4159/info/) has been found
to affect Essentia Web Server for Linux.

Due to the service running as root (to bind to port 80), remote exploitation
results in an attacker gaining system administration 'root' access.

POC code essenexploit.c is attached.

- -- 

B#.
- ----------------------------------------------------
Email : B-r00t <br00t () blueyonder co uk>
Key fingerprint = 74F0 6A06 3E57 083A 4C9B
                  ED33 AD56 9E97 7101 5462
"You Would Be Paranoid If They Were Watching You !!!"
- -----------------------------------------------------


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (OpenBSD)

iD8DBQE/BXQ6rVael3EBVGIRAlvFAJ9tKqcTEjTNu4Kw/TJ4NWEUNFOqVwCghbMz
ZH/9EQhjoBwE1Fk/Frp1Y64=
=8wz0
-----END PGP SIGNATURE-----

Attachment: essenexploit.c
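
The advisory ties the root-level impact to the server running as root in order to bind port 80. The following is an added example, not part of the original post or the attached essenexploit.c, showing a server that binds first and then permanently drops privileges before handling any request. The uid/gid 65534 is an assumed unprivileged account, and the function names are hypothetical.

```c
#define _DEFAULT_SOURCE           /* for setgroups() on glibc */
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Open a listening TCP socket. Ports below 1024 need root (or
 * CAP_NET_BIND_SERVICE on Linux); this is the only privileged step. */
int bind_listener(unsigned short port) {
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0 || listen(fd, 16) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permanently switch to uid/gid. Returns 0 only if the drop is verified.
 * Order matters: supplementary groups and gid must change while still root. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    /* Verify: ids are what we asked for and root cannot be regained. */
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0)) return -1;
    return 0;
}

int main(void) {
    const uid_t SVC_UID = 65534;  /* assumed unprivileged account (often "nobody") */
    const gid_t SVC_GID = 65534;
    int fd = bind_listener(80);   /* privileged: done first */
    if (fd < 0) { perror("bind"); return 1; }
    if (drop_privileges(SVC_UID, SVC_GID) != 0) {
        fprintf(stderr, "privilege drop failed, refusing to serve\n");
        return 1;
    }
    /* Request parsing would start here, running as SVC_UID rather than root. */
    close(fd);
    return 0;
}
```

With this ordering, a memory-corruption bug in request handling is confined to the unprivileged account instead of yielding root.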