| VID |
12049 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The MyServer web server is vulnerable to a buffer overflow due to a flaw in the MSCGI library. MyServer is a freely available web server for Microsoft Windows and Linux-based platforms. MyServer versions 0.4.3 and earlier are vulnerable to a buffer overflow caused by improper bounds checking of user-supplied input by the MSCGI library (cgi-lib.dll). By sending an overly long URI request to the web server, such as the following request, a remote attacker can cause a buffer to overflow. This can cause the web server to crash or allow arbitrary code to be executed on the system with the privileges of the web server process.
http://[target_server]/cgi-bin/math_sum.mscgi?a=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
* References: http://archives.neohapsis.com/archives/bugtraq/2003-09/att-0227/mt-12-09-2003.txt
* Platforms Affected: MyServer myServer 0.4.1, MyServer myServer 0.4.2, MyServer myServer 0.4.3 |
| Recommendation |
Apply the temporary fix, which is available from the product CVS repository linked from the MyServer web page at http://myserverweb.sourceforge.net/cvs.php |
| Related URL |
(CVE) |
| Related URL |
8612 (SecurityFocus) |
| Related URL |
13175 (ISS) |
|