Bugtraq mailing list archives
[COVERT-2000-08] O'Reilly WebSite Professional Overflow
From: seclabs () NAI COM (COVERT Labs)
Date: Wed, 19 Jul 2000 13:54:37 -0700
______________________________________________________________________

Network Associates, Inc.
COVERT Labs Security Advisory
July 19, 2000

O'Reilly WebSite Professional Overflow

COVERT-2000-08
______________________________________________________________________

o Synopsis

The indexing utility webfind.exe distributed with O'Reilly WebSite
Professional contains an unchecked buffer allowing for the remote
execution of arbitrary code on vulnerable hosts.

RISK FACTOR: HIGH
______________________________________________________________________

o Vulnerable Systems

O'Reilly WebSite Professional version 2.x for Windows 9x/NT/2000.
______________________________________________________________________

o Vulnerability Information

WebSite Professional contains two utilities, webindex and webfind,
that provide full-text search capabilities for a WebSite server.
Webindex provides a walkthrough wizard to create a new index,
reconfigure an existing one or delete an old one. Webfind is the CGI
program that searches the indexes created by Webindex. Webfind
displays a search form for the user to complete, then executes the
search.

The webfind search form takes a user-defined string, adding it to
the "keywords" parameter of the QUERY_STRING in the web request.
Passing a long request to the "keywords" parameter overwrites the
stack with user defined data allowing the execution of arbitrary code
on the remote host.
______________________________________________________________________

o Resolution

O'Reilly has corrected this issue in WebSite Professional 2.5, which
is now available from:

http://website.oreilly.com
______________________________________________________________________

o Credits

This vulnerability was discovered by Barnaby Jack at the COVERT Labs
of PGP Security, Inc.
______________________________________________________________________

o Contact Information

For more information about the COVERT Labs at PGP Security, visit our
website at http://www.nai.com/covert or send e-mail to
covert () nai com
______________________________________________________________________

o Legal Notice

The information contained within this advisory is Copyright (C) 2000
Networks Associates Technology Inc. It may be redistributed provided
that no fee is charged for distribution and that the advisory is not
modified in any way.

Network Associates and PGP are registered Trademarks of Network
Associates, Inc. and/or its affiliated companies in the United States
and/or other Countries. All other registered and unregistered
trademarks in this document are the sole property of their respective
owners.
______________________________________________________________________
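The class of bug described in the advisory, shown from the fixing side: a CGI routine that pulls "keywords" out of QUERY_STRING and refuses values that do not fit the destination buffer. This is an added example, not part of the advisory and not O'Reilly's code; the function names, the 256-byte limit and the 400 response are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KEYWORDS_MAX 256  /* assumed limit; the advisory gives no buffer size */

/* Return the value of "name" when it starts the query or follows '&'. */
static const char *find_param(const char *query, const char *name)
{
    size_t nlen = strlen(name);
    const char *p = query;
    while (p && *p) {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=')
            return p + nlen + 1;
        p = strchr(p, '&');
        if (p) p++;
    }
    return NULL;
}

/*
 * Copy the "keywords" value into out (outsz bytes, NUL included).
 * Returns 0 on success, -1 if the parameter is absent, -2 if it does not fit.
 * The unchecked pattern this replaces is a fixed stack buffer filled with
 *     strcpy(buf, value);
 * where value is as long as the client chose to make it.
 */
int extract_keywords(const char *query, char *out, size_t outsz)
{
    const char *val;
    size_t len;
    if (!query || !out || outsz == 0) return -1;
    val = find_param(query, "keywords");
    if (!val) return -1;
    len = strcspn(val, "&");        /* value ends at '&' or end of string */
    if (len >= outsz) return -2;    /* reject instead of overflowing or truncating */
    memcpy(out, val, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    char kw[KEYWORDS_MAX];
    const char *qs = getenv("QUERY_STRING");  /* set by the web server for a CGI */
    int rc = extract_keywords(qs ? qs : "", kw, sizeof kw);
    if (rc == -2) { puts("Status: 400 Bad Request\r\n\r"); return 0; }
    printf("Content-Type: text/plain\r\n\r\n%s\n", rc == 0 ? "ok" : "no keywords");
    return 0;
}
```

The length check runs on the raw value; any later URL-decoding step needs its own bound on the decoded output.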