Bugtraq mailing list archives
Re: Buffer overflow in iPlanet Web Server 4 server side SHTML parsing module
From: Fyodor <fyodor () RELAYGROUP COM>
Date: Fri, 27 Oct 2000 14:58:48 +0700
Please note that (fortunately!) Netscape Enterprise Server 3.6sp3 (officially end-of-lifed but still widely used) does not seem vulnerable. Overflow happens in logging function (when iWS tries to report that file is not found). If exploitation is successful (or iWS segfaults), nothing will remain in the logs. Note that the watchdog process will restart the Web server, so dumb, repetitive attacks will only effect a DoS. Intelligent attacks might be much, much worse. :-(
Not completely true. During in-lab experiments (while testing and developing the exploit), I was able to hang up NES server several times, so it doesn't die, but does not respond to any further requests either, so you have to kill it with SIGKILL to get watchdog to restart it properly.

-Fyodor
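The hang reported in the reply above is a state that a watchdog reacting only to process exit will not recover from. The following is an added example, not code from this thread or from any iPlanet/Netscape tooling: an external liveness probe that tells "down" apart from "alive but silent" and sends SIGKILL after repeated hangs. The names `probe` and `HangMonitor`, the threshold, and the PID source are assumptions.

```python
import os
import signal
import socket


def probe(host, port, timeout=3.0):
    """Classify the server as 'ok', 'hung' (accepts but never answers) or 'down'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "hung"   # handshake never completes: listener is stalled
    except OSError:
        return "down"   # refused/unreachable: process is gone, watchdog's job
    with sock:
        try:
            sock.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
            reply = sock.recv(64)
        except socket.timeout:
            return "hung"   # process alive, request never answered
        except OSError:
            return "down"   # reset mid-request, e.g. the worker crashed
    return "ok" if reply.startswith(b"HTTP/") else "down"


class HangMonitor:
    """Send SIGKILL after `threshold` consecutive 'hung' probes (hypothetical helper)."""

    def __init__(self, pid, threshold=3, kill=os.kill):
        self.pid, self.threshold, self.kill = pid, threshold, kill
        self.misses = 0

    def record(self, state):
        """Feed one probe result; return True if SIGKILL was sent on this call."""
        self.misses = self.misses + 1 if state == "hung" else 0
        if self.misses < self.threshold:
            return False
        # SIGKILL, not SIGTERM: a wedged process may never run its handlers,
        # and the watchdog only restarts the server once it has actually exited.
        self.kill(self.pid, signal.SIGKILL)
        self.misses = 0
        return True
```

Since the thread notes that a successful overflow leaves nothing in the server's own logs, record each non-"ok" probe result and each SIGKILL from the monitoring host, so there is an independent trace of the outage.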