Full Disclosure mailing list archives
Essentia Web Server 2.12 (Linux)
From: B-r00t <br00t () blueyonder co uk>
Date: Fri, 4 Jul 2003 12:33:54 +0000 (GMT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Title: Buffer Overflow in Linux Essentia Webserver.
Author: By B-r00t <br00t () blueyonder co uk>
Date: 04/07/2003
Reference: http://www.essencomp.com/
Versions: Essentia Web Server 2.12 (Linux) => VULNERABLE
Related Info: http://www.securityfocus.com/bid/4159/info/
Exploit: [attached] essenexploit.c

The same buffer overflow condition discovered in the Essentia webserver for Windows (http://www.securityfocus.com/bid/4159/info/) has been found to affect Essentia Web Server for Linux.

Due to the service running as root (to bind to port 80), remote exploitation results in an attacker gaining system administration 'root' access.

POC code essenexploit.c is attached.

- -- B#.
- ----------------------------------------------------
Email : B-r00t <br00t () blueyonder co uk>
Key fingerprint = 74F0 6A06 3E57 083A 4C9B ED33 AD56 9E97 7101 5462
"You Would Be Paranoid If They Were Watching You !!!"
- -----------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (OpenBSD)

iD8DBQE/BXQ6rVael3EBVGIRAlvFAJ9tKqcTEjTNu4Kw/TJ4NWEUNFOqVwCghbMz
ZH/9EQhjoBwE1Fk/Frp1Y64=
=8wz0
-----END PGP SIGNATURE-----
Attachment: essenexploit.c