SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Web Server/CGI)  >   BadBlue Web Server Vendors:   Working Resources (BadBlue)
BadBlue's Windows-Based Web Server Can Be Crashed Via the Network and May Display Full Path Names
SecurityTracker Alert ID:  1000945
SecurityTracker URL:  http://securitytracker.com/id/1000945
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Feb 17 2001
Original Entry Date:  Feb 17 2001
Impact:   Denial of service via network, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): BadBlue 1.02.07 Personal Edition and possibly others with the same version number
Description:   The BadBlue web server for Windows reportedly contains two vulnerabilities. By remotely providing the web server's "ext.dll" file with improper data, you can 1) obtain the full path of the web server, and 2) crash the web server.

The BadBlue web server reportedly serves files through a library called ext.dll. A typical request might be:

http://127.0.0.1/ext.dll?mfcisapicommand=loadpage&page=default.hts

If data following the "ext.dll" in a request is ommitted, the server will return an error which discloses the path of the server on the host. In addition, by supplying data of 284 bytes or greater following the "ext.dll", the BadBlue web server can be made to crash.

Impact:   An attacker can remotely determine the full path of the web server and can cause the web server to crash.
Solution:   The vendor has fixed the problem in a new release: BadBlue version 1.02.8.
Vendor URL:  www.badblue.com (Links to External Site)
Cause:   Exception handling error, Input validation error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  FW: BadBlue Web Server Ext.dll Vulnerabilities


-----Original Message-----
From: SNS Research [mailto:vuln-dev@greyhack.com]
Sent: Saturday, February 17, 2001 2:19 AM
To: security@win2000mag.com
Subject: BadBlue Web Server Ext.dll Vulnerabilities


Strumpf Noir Society Advisories
! Public release !
<--#


-= BadBlue Web Server Ext.dll Vulnerabilities =-

Release date: Saturday, February 17, 2001


Introduction:

BadBlue is a (MS Windows-based) web server intended for a wide range of
applications, from providing file sharing possibilities to an
application development and deployment environment. It includes
full-featured support of tools like CGI, ISAPI and PHP.

BadBlue can be found on at vendor Working Resources Inc.'s website:
http://www.badblue.com


Problem:

The BadBlue web server serves files through a library called ext.dll.
A typical request to the server would be build up through a request to
this file together with a string containing the actual command data like
so: http://127.0.0.1/ext.dll?mfcisapicommand=loadpage&page=default.hts

Some ways have been found to manipulate the server by playing with this
string. By omitting the data following ext.dll in above mentioned
request, the server will return an error which discloses information
regarding the path where it is running on the machine. What's more, by
substituting this data for a string of 284 bytes or more, the BadBlue
web server will die.


Directory disclosure example:

http://server/ext.dll

will result in:

[Error: opening c:\program files\badblue\pe\default.htx (2)]


Denial-of-service example:

http://server/ext.dll?aaaaa(x 248 bytes)

will cause the server to die.


(..)


Solution:

Working Resources Inc. has made BadBlue version 1.02.8 availble from its
website, which adresses these problems.

This was tested against BadBlue 1.02.07 Personal Edition. After
contacting the vendor it is our understanding that the other members of
the BadBlue product suite are based on the same code base and are
vulnerable as well. Users are encouraged to upgrade.


yadayadayada

Free sk8! (http://www.freesk8.org)

SNS Research is rfpolicy (http://www.wiretrip.net/rfp/policy.html)
compliant, all information is provided on AS IS basis.

EOF, but Strumpf Noir Society will return!

_____________________________________________________________________
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: listserv@listserv.ntsecurity.net

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2017, SecurityGlobal.net LLC