Security Incidents mailing list archives
Remote buffer overflow in Darwin server?
From: Jeff Frost <batalion () APOCALYPSE ORG>
Date: Mon, 18 Dec 2000 16:17:39 -0800
A little quick background: At my current company, we focus on streaming media, and have been running the Darwin Streaming Server 2.0.1-110 for some time now on one of our Linux machines. Last night, someone got into the machine and started running the jolt2 DoS attack against our webserver. While the webserver didn't mind the attack, our Cisco didn't appreciate us in the least, and this is what tipped us off to the hack.

After examining all possible entry points into the network and the nature of the attack, it appears likely that the intruder got in through the Darwin server. Running Nessus against the entire network shows the only likely vulnerability being a buffer overflow in the Darwin server which is remotely exploitable. Some emails to the Darwin developer list confirmed this, as they stated that that version of Darwin does in fact have a buffer overflow vulnerability, though they didn't know of any exploits.

My question is this: have any of you seen or heard of any remote exploits for the buffer overflow on the Linux version of Darwin? I'm thinking I'd like to pull the plug on QuickTime streaming until I get a better handle on whether the newer versions of Darwin have any similar vulnerabilities.

Here's the Nessus output (note that we need to allow streaming on port 80 for clients behind firewalls :-( ):

Vulnerability found on port www (80/tcp)

    The remote web server seems to crash when it is issued
    a too long argument to the 'Accept:' command :

    Exemple :

        GET / HTTP/1.0
        Accept: <thousands of chars>/gif

    This may allow an attacker to execute arbitrary code on
    the remote system.

    Solution : Contact your vendor for a patch.

    Risk factor : High

Vulnerability found on port www (80/tcp)

    It was possible to perform a denial of service against the
    remote HTTP server by sending it a long /cgi-bin relative URL.

    This problem allows a cracker to prevent your Lotus Domino
    web server from handling requests.

    Solution : contact your vendor for a patch, or change your server.
    Consider changing cgi-bin mapping by something impossible to guess
    in server document of primary Notes NAB.
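Added example, not part of the original post and not Darwin or Nessus code: a small screening function that a front-end proxy or log-replay tool could apply to flag the two oversize inputs the Nessus report describes (an over-long 'Accept:' value and an over-long /cgi-bin URL). The function name, the two limits and the sample requests are assumptions made for illustration.

```python
# Added example: screen a raw HTTP request head for the two oversize-input
# patterns named in the Nessus report. Both limits are assumed values.
MAX_TARGET = 2048        # assumed cap on the request target (URL), in bytes
MAX_HEADER_VALUE = 1024  # assumed cap on any single header value, in bytes


def screen_request(raw: bytes) -> list[str]:
    """Return a list of findings; an empty list means the head is in bounds."""
    findings = []
    head = raw.split(b"\r\n\r\n", 1)[0]      # ignore any body
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return ["malformed request line"]
    target = parts[1]
    if len(target) > MAX_TARGET:
        findings.append(
            f"request target is {len(target)} bytes (limit {MAX_TARGET})")
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if not sep:
            findings.append("header line without ':'")
            continue
        value = value.strip()
        if len(value) > MAX_HEADER_VALUE:
            findings.append(
                f"{name.decode('latin-1')} value is {len(value)} bytes "
                f"(limit {MAX_HEADER_VALUE})")
    return findings


# Constructed sample requests (not captured traffic).
NORMAL = b"GET / HTTP/1.0\r\nAccept: image/gif\r\n\r\n"
LONG_ACCEPT = b"GET / HTTP/1.0\r\nAccept: " + b"A" * 5000 + b"/gif\r\n\r\n"
LONG_URL = b"GET /cgi-bin/" + b"a" * 4000 + b" HTTP/1.0\r\n\r\n"

if __name__ == "__main__":
    for label, req in (("normal", NORMAL), ("long Accept", LONG_ACCEPT),
                       ("long URL", LONG_URL)):
        print(label, "->", screen_request(req) or "ok")
```

Rejecting or logging any request with a non-empty findings list keeps such input away from a back-end server that has not yet been patched.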