Category:   Application (Web Server/CGI)  >   GoAhead Web Server
Vendors:   GoAhead Software
(Vendor Issues Fix) Re: GoAhead Web Server Buffer Overflow Lets Remote Users Execute Arbitrary Code on the System
SecurityTracker Alert ID:  1006408
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Mar 28 2003
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 2.1
Description:   A buffer overflow vulnerability was reported in the GoAhead Web Server. A remote user can execute arbitrary code on the system.

A remote user can create a specially crafted URL to trigger the overflow and cause arbitrary code to be executed.

A demonstration exploit for ix86 Linux machines is provided. In this demonstration, the web server will execute the 'sh' file in the working directory of the web server:

Impact:   A remote user can execute arbitrary code on the server with the privileges of the web server.
Solution:   The vendor has issued a fixed version (2.1.6).
Vendor URL:
Cause:   Boundary error
Underlying OS:  Linux (Any), Windows (CE), Windows (NT), Windows (95), Windows (98)
Underlying OS Comments:  The author has indicated that Linux platforms are affected; it is not clear if other platforms are vulnerable

Message History:   This archive entry is a follow-up to the message listed below.
Aug 14 2002 GoAhead Web Server Buffer Overflow Lets Remote Users Execute Arbitrary Code on the System

 Source Message Contents

Date:  Fri, 28 Mar 2003 13:41:29 -0800
Subject:  GoAhead WebServer security problems fixed

To whom it may concern:

I'm happy to report that the 2.1.6 release of the GoAhead WebServer fixes
the security flaws that are documented on the Security Tracker web site,
as well as several others.

Art & Logic (, through our partnership with GoAhead
Software, maintains and supports the GoAhead WebServer.  We run a
newsgroup at news:// 
Announcements of important releases and patches are posted there.

Art & Logic also offers add-on products for the GoAhead WebServer, as well
as software development services to help companies worldwide to create
embedded web applications better and faster.

Tom Bajoras
Lead Engineer, Embedded Web
Art & Logic, Inc.

