Credit:
The information has been provided by iDEFENSE Labs.
The original article can be found at: http://www.idefense.com/application/poi/display?type=vulnerabilities
Vulnerable Systems:
* Novell SUSE Linux Enterprise Server 9
The vulnerability specifically exists due to improper handling of an HTTP POST request with a negative Content-Length parameter. When such a request is received, controllable heap corruption occurs, which can lead to the execution of arbitrary code using traditional Linux heap overflow methods. The following HTTP request can be used to trigger this vulnerability.
POST / HTTP/1.0
Content-Length: -900
DATA_THAT_WILL_BE_USED_TO_OVERWRITE_THE_HEAP
With careful manipulation of the string, an arbitrary 4-byte write may be achieved, which can be used to gain execution control and execute arbitrary code.
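A server-side check that rejects this class of request before the declared length is used for any allocation or copy, given as an added example (it is not code from iDEFENSE or the vendor). The function names, the 1 MiB cap and the sample request in main() are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define MAX_BODY ((size_t)1 << 20) /* assumed policy cap (1 MiB), not from the advisory */
/* Strict parse: digits only, no sign, no overflow, <= cap. 0 = ok, -1 = reject. */
int parse_content_length(const char *v, size_t cap, size_t *out)
{
    size_t n = 0;
    while (*v == ' ' || *v == '\t') v++;             /* optional leading space */
    if (!isdigit((unsigned char)*v)) return -1;      /* "-900", "+5", "" */
    for (; isdigit((unsigned char)*v); v++) {
        size_t d = (size_t)(*v - '0');
        if (n > (SIZE_MAX - d) / 10) return -1;      /* size_t overflow */
        n = n * 10 + d;
        if (n > cap) return -1;                      /* over the body cap */
    }
    while (*v == ' ' || *v == '\t') v++;
    if (*v != '\0' && *v != '\r' && *v != '\n') return -1;  /* trailing junk */
    *out = n;
    return 0;
}

/* Scan the header block: 0 = one valid Content-Length, 1 = none, -1 = reject. */
int check_request(const char *req, size_t *len)
{
    static const char name[] = "Content-Length:";
    int seen = 0;
    const char *line = strchr(req, '\n');            /* end of request line */
    while (line && *++line != '\r' && *line != '\n' && *line != '\0') {
        if (strncasecmp(line, name, sizeof name - 1) == 0) {
            if (seen || parse_content_length(line + sizeof name - 1, MAX_BODY, len))
                return -1;                           /* duplicate or invalid */
            seen = 1;
        }
        line = strchr(line, '\n');
    }
    return seen ? 0 : 1;
}

int main(void)
{
    size_t len = 0;   /* constructed sample, modelled on the request above */
    int rc = check_request("POST / HTTP/1.0\r\nContent-Length: -900\r\n\r\nDATA", &len);
    printf("negative Content-Length -> %s\n", rc == -1 ? "rejected" : "accepted");
    return rc == -1 ? 0 : 1;
}
```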
CVE Information:
CVE-2005-3655
Disclosure Timeline:
11/15/2005 - Initial vendor notification
11/15/2005 - Initial vendor response
01/13/2006 - Coordinated public disclosure