Bugtraq mailing list archives

AOLserver 3.0 vulnerability

From: Bob Rogers <rogers-bugtraq () rgrjr dyndns org>
Date: Thu, 23 Aug 2001 08:55:00 -0400

   From: Nate Haggard <nate () securitylogics com>
   Date: Wed, 22 Aug 2001 16:51:45 -0600

   Aolserver 3.0 will crash when it is given a long authorization string.  It 
   is also possible this vulnerability will allow a hacker to execute 
   arbitrary code through a buffer overflow. I have not verified a buffer 
   overflow exists.  Aolserver 3.4 and 3.3.1 are not vulnerable to this attack.

AOLserver 3.2 is also vulnerable (Red Hat 6.0++, kernel 2.2.19).

   Here is a sample exploit
   ------------------------------------------
   . . .
   $killme = "GET / HTTP/1.0\nAuthorization: Basic ".$junk."\r\n\r\n";
   . . .

Shouldn't this be

   $killme = "GET / HTTP/1.0\r\nAuthorization: Basic ".$junk."\r\n\r\n";

instead?  Doesn't matter, though; it seems to make AOLserver hang either
way.

                                        -- Bob Rogers

Current thread:

AOLserver 3.0 vulnerability Nate Haggard (Aug 22)
- Re: AOLserver 3.0 vulnerability KF (Aug 23)
- AOLserver 3.0 vulnerability Bob Rogers (Aug 23)