SecuriTeam - Buffer overflow in Netscape Enterprise and FastTrack Web Servers

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Ask the Team
Mailing Lists
Advertising Info
Advisories
About SecuriTeam
Blogs

Brought to you by:

Suppliers of:

SecuriTeam in Your Inbox

New vulnerability?
New tool?
Tell us
(Our PGP key).

CanSecWest 2012

2nd Annual Cyber Security

Hack In Paris

The ISS X-Force has discovered buffer overflow vulnerability in the Netscape Enterprise and FastTrack Servers.

Credit:
Information in this advisory was obtained by the research of Caleb Sima of the ISS X-Force.

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Protect your website!
Use an External Vulnerability Scanner!
Nothing to install. First report in 1 hour!
www.beyondsecurity.com/vulnerability-scanner

An attacker can send the web server an overly long HTTP GET request, overflowing a buffer in the Netscape httpd service and overwriting the process's stack. This allows a sophisticated attacker to force the machine to execute arbitrary program code. The ISS X-Force has demonstrated the possibility of using this vulnerability to execute code as SYSTEM on the server, giving an attacker full control of the machine.

Vulnerable systems:

Netscape Enterprise 3.6sp2
Netscape FastTrack 3.0.1 on NT
Admin Server 3.5 on NT

Immune systems:
Netscape FastTrack 3.0.2 on Irix 6.x
Admin Sever 3.5 on Irix 6.x
Netscape Enterprise 3.6sp2 on Irix 6.x

Fix Information:

Apply the Enterprise 3.6 SP 2 SSL Handshake fix, available from Netscape at:
http://www.iplanet.com/downloads/patches/detail_12_86.html.

Exploit
To test yourself for this vulnerability, you can use LWP's "GET":
$ GET -C `perl -e 'print "A"x1025'`:password http://hostname:port

blog comments powered by Disqus

	RealNetworks RealPlayer RV10 Sample Height Parsing Code Execution Vulnerability
	RealNetworks RealPlayer IVR MLTI Chunk Length Parsing Code Execution Vulnerability
	RealNetworks RealPlayer RV30 Uninitialized Index Value Code Execution Vulnerability
	RealNetworks RealPlayer Invalid Codec Name Code Execution Vulnerability
	RealNetwork RealPlayer MPG Width Integer Underflow Code Execution Vulnerability
	RealNetworks RealPlayer genr Sample Size Parsing Code Execution Vulnerability
	RealNetworks RealPlayer ATRC Code Data Parsing Code Execution Vulnerability
	RealNetworks RealPlayer Malformed AAC File Parsing Code Execution Vulnerability
	HP Data Protector LogBackupLocationStatus SQL Injection Vulnerabilty
	InduSoft WebStudio Unauthenticated Operations Code Execution Vulnerabilityy
	InduSoft WebStudio CEServer Operation 0x15 Code Execution Vulnerability
	HP Data Protector Notebook Extension RequestCopy SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension LogClientInstallation SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension GetPolicies SQL Injection Vulnerabilty
	GE Proficy Historian ihDataArchiver.exe Trusted Header Size Code Execution Vulnerability