Full Disclosure mailing list archives
Remotely exploitable buffer overflow vulnerability in Savant Web Server 3.1
From: <muts () zahav net il>
Date: Tue, 1 Feb 2005 12:47:48 +0200
See Security, Research and Development ------------------------------------------------------ [-] Product Information Savant is a full-featured open source web server for computers running any version of Windows 95/NT or greater. Product Homepage: http://sourceforge.net/projects/savant/ [-] Vulnerability Description A buffer overflow vulnerability was discovered in Savant Web Server 3.1 which allows remote code execution by sending a malformed HTTP request. [-] Analysis When sending a malformed HTTP request in the format Any_Text / [256 Bytes]\r\n we will be able to overwrite the instruction pointer with an arbitrary address. [-] Vendor Notification The vendor was not available for notification. [-] Exploit Attached. Developed by Tal Zeltzer And Mati Aharoni [-] Credits The vulnerability was discovered by Mati Aharoni Metasploit Google _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Remotely exploitable buffer overflow vulnerability in Savant Web Server 3.1 muts (Feb 01)
- Re: Remotely exploitable buffer overflow vulnerability in Savant Web Server 3.1 Andrew Farmer (Feb 01)