FS-091002-SVWS

FS-091002-SVWS: Posted Sep 11, 2002; Authored by Robin Keir | Site foundstone.com; Foundstone Security Advisory FS-091002-SVWS - A buffer overflow exists in versions 3.1 and previous of Savant Web Server. Exploitation of this vulnerability allows remote execution of arbitrary code with daemon privileges. Sending a GET request containing a URL of approximately 291 characters or more causes Savant Web Server to crash. Exploitation is possible and proof of concept code has been authored to demonstrate this problem.; tags | remote, web, overflow, arbitrary, proof of concept; SHA-256 | 70f37fc074e30ee6045d809d83b646df568badcf9e022b3ef37bb31966b9d22c; Download | Favorite | View

FS-091002-SVWS

------------------------------------------------------------------------
-----
FS Advisory ID:            091002-SVWS

Release Date:              September 10, 2002

Product:                   Savant Web Server 3.1 and previous

Vendors:                   Savant (http://savant.sourceforge.net)
                         
Type:                      Buffer Overflow

Severity:                  The ability to gain remote access to the
system

Authors:                   Robin Keir (robin.keir@foundstone.com)

Platforms:                 Microsoft Windows Variants             

CVE Candidate:             CAN-2002-1120

Foundstone Advisory:       http://www.foundstone.com/advisories
------------------------------------------------------------------------
-----

Overview:

A buffer overflow exists in versions 3.1 and previous of Savant Web
Server. 
Exploitation of this vulnerability allows remote execution of arbitrary
code 
with daemon privileges.

Detailed Description:

Sending a GET request containing a URL of approx. 291 characters or more
causes
Savant Web Server to crash.  Exploitation is possible and proof of
concept code 
has been authored to demonstrate this problem.

Vendor Response:

Savant was contacted on August 16th, 2002 regarding this vulnerability.

Solution:

Disable the Savant Web Server until a patch is made available by the
vendor.

FoundScan has been updated to check for this vulnerability. For more
information on FoundScan, see the Foundstone website:
http://www.foundstone.com

Disclaimer:

The information contained in this advisory is copyright (c) 2002 
Foundstone, Inc. and is believed to be accurate at the time of 
publishing, but no representation of any warranty is given, 
express, or implied as to its accuracy or completeness. In no 
event shall the author or Foundstone be liable for any direct, 
indirect, incidental, special, exemplary or consequential 
damages resulting from the use or misuse of this information.  
This advisory may be redistributed, provided that no fee is 
assigned and that the advisory is not modified in any way.

Top Authors In Last 30 Days

Red Hat 294 files
Ubuntu 63 files
Debian 34 files
Gentoo 32 files
LiquidWorm 10 files
malvuln 7 files
nu11secur1ty 7 files
Ahmet Umit Bayram 4 files
Adam Gowdiak 4 files
gabe_k 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,038)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,583)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,746)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,492)
UNIX (9,397)
UnixWare (187)
Windows (6,657)
Other

FS-091002-SVWS

FS-091002-SVWS

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

FS-091002-SVWS

Share This

FS-091002-SVWS

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems