what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

CISADV000505.txt

CISADV000505.txt
Posted May 17, 2000
Authored by Mark Litchfield | Site cerberus-infosec.co.uk

Cerberus Information Security Advisory (CISADV000505) - The Cerberus Security Team has found a remotely exploitable buffer overrun in Netwin's (https://netwinsite.com) DNewsWeb (dnewsweb/dnewsweb.exe v5.3e1), CGI program designed to give access to NNTP services over the world wide web. By supplying a specially formed QUERY_STRING to the program a buffer is overflowed allowing execution of arbitrary code compromising the web server.

tags | exploit, web, overflow, arbitrary, cgi
SHA-256 | 6f72b6f4d384bdcf7670e19301cef27ef2e199ac7ae94fecc8d11621cfa61f7b

CISADV000505.txt

Change Mirror Download
Cerberus Information Security Advisory (CISADV000505)
https://www.cerberus-infosec.co.uk/advisories.shtml

Released : 5th May 2000
Name : DNewsweb Buffer Overflow
Affected Systems : *nix/Win32 Web Servers running Dnewsweb
Issue : Attackers can remotely execute arbitrary code
Author : Mark Litchfield (xor-syst@devilnet.co.uk)

Description
***********
The Cerberus Security Team has found a remotely exploitable buffer overrun
in Netwin's (https://netwinsite.com) DNewsWeb (dnewsweb/dnewsweb.exe v5.3e1),
CGI program designed to give access to NNTP services over the world wide
web. By supplying a specially formed QUERY_STRING to the program a buffer is
overflowed allowing execution of arbitrary code compromising the web server.


Details
*******
The are several unchecked buffers in this program where several of the
QUERY_STRING parameters can be overflowed such as "group" and "utag". This
overflow is simple to exploit by overwriting the saved return address with
an address that contains a "jmp esp" or "call esp" - the remainder of the
the QUERY_STRING is pointed to by the ESP.

Solution
********
Netwin has made available a patch for this available from their ftp server:
ftp://ftp.netwinsite.com/pub/dnewsweb/beta/
Obtain the 5.4c3 version required for your system.

A check for this has been added to our security scanner, CIS. More details
about CIS can be found on our web site:
https://www.cerberus-infosec.co.uk/

Vendor Status
*************
Netwin were alerted to this on the 3rd May 2000. Cerberus would like to
thank everyone involved for their prompt response.

About Cerberus Information Security, Ltd
*****************************************
Cerberus Information Security, Ltd, a UK company, are specialists in
penetration testing and other security auditing services. They are the
developers of CIS (Cerberus' Internet security scanner) available for free
from their website: https://www.cerberus-infosec.co.uk

To ensure that the Cerberus Security Team remains one of the strongest
security audit teams available globally they continually research operating
system and popular service software vulnerabilites leading to the discovery
of "world first" issues. This not only keeps the team sharp but also helps
the industry and vendors as a whole ultimately protecting the end consumer.
As testimony to their ability and expertise one just has to look at exactly
how many major vulnerabilities have been discovered by the Cerberus Security
Team - over 70 to date, making them a clear leader of companies offering
such security services.

Founded in late 1999, by Mark and David Litchfield, Cerberus Information
Security, Ltd are located in London, UK but serves customers across the
World. For more information about Cerberus Information Security, Ltd please
visit their website or call on +44(0)208 395 4980.

Permission is hereby granted to copy or redistribute this advisory but only
in its entirety.

Copyright (C) 2000 by Cerberus Information Security, Ltd
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close