TelCondex SimpleWebserver Buffer Overflow

["Oliver Karow" <Oliver.Karow@xxxxxx>]

TelCondex SimpleWebserver Buffer Overflow
=========================================

The TelCondex SimpleWebserver 2.12.30210 Build 3285 is vulnerable to a 
remote executable buffer overflow, due to missing length check on the 
referer-variable of the HTTP-header.

It is possible to overwrite the stack, and therefore to execute 
arbitrary code on the system. 

The vuln can be tested with netcat or telnet:

netcat webserver 80

GET /index.htm HTTP/1.0\r\n
Referer: 700 x [A]\r\n\r\n

The Webserver crashes at >= 700 bytes. A buffer of 704 bytes will overwrite 
the return address on the stack.

The vendor was informed about the vuln on Mon. 27.10.03, and respondet
on Tue. 28.10.03 with a fixed version!

The new (fixed) version (2.13) is available at:

http://www.yourinfosystem.de/download/TcSimpleWebServer2000Setup.exe


Regards,

Oliver Karow

email: oliver.karow_AT_gmx.de
web:   www.oliverkarow.de

-- 
NEU FÜR ALLE - GMX MediaCenter - für Fotos, Musik, Dateien...
Fotoalbum, File Sharing, MMS, Multimedia-Gruß, GMX FotoService

Jetzt kostenlos anmelden unter http://www.gmx.net

+++ GMX - die erste Adresse für Mail, Message, More! +++