Re: ALERT: Working Resources BadBlue #2 (DoS, Heap Overflow)

[<badc0ded () badc0ded com>]

----- Original Message -----
From: "Matthew Murphy" <mattmurphy () kc rr com>
To: "SecurITeam News" <news () securiteam com>; <bugtraq () securityfocus com>
Sent: Monday, July 08, 2002 8:36 PM
Subject: ALERT: Working Resources BadBlue #2 (DoS, Heap Overflow)


> ALERT: Working Resources BadBlue #2
> Vendor Notified: July 8, 2002
>
> Working Resources have been informed of a
> pair of denial of service conditions in
> the BadBlue PWS.
>
> The first vulnerability lies in the way a
> GET request is handled.  A specially
> crafted GET request can crash the target
> server.
>
> Also, a remotely exploitable overflow was
> found in an ISAPI that ships with the
> server.  Exploitation of this vulnerability
> will cause an access violation, and does
> not seem to allow code execution.
>
> Additional technical details will be made
> available as fixes are released for the
> vulnerabilities in question.
>
> Alert Published July 8, 2002
>
> "The reason the mainstream is thought
> of as a stream is because it is
> so shallow."
>                      - Author Unknown

A month or so ago I decided to lose my win32 virginity so to speak and
downloaded some software from downloads.com. One of the programs I
downloaded was badblue and I seem to recall something about a  /%2e%2e%2f/
directory traversal issue. At the time I didnt think about it too much,
being heartbroken over not finding a decent debugger for windows and left
the software alone. But after seeing posts on bugtraq about badblue I
figured maybe vuln-dev would be intrested in this.

Oh btw, what debuggers are you people using on windows?