(Vendor Issues Fix) Re: GoAhead Web Server Buffer Overflow Lets Remote Users Execute Arbitrary Code on the System
SecurityTracker Alert ID: 1006408
SecurityTracker URL: http://securitytracker.com/id/1006408
Date: Mar 28 2003
Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
A buffer overflow vulnerability was reported in the GoAhead Web Server. A remote user can execute arbitrary code on the system.
A remote user can create a specially crafted URL to trigger the overflow and cause arbitrary code to be executed.
A demonstration exploit for ix86 Linux machines is provided. In this demonstration, the web server will execute the 'sh' file in the working directory of the web server:
A remote user can execute arbitrary code on the server with the privileges of the web server.
The vendor has issued a fixed version (2.1.6).
Vendor URL: www.goahead.com/webserver/webserver.htm
Underlying OS: Linux (Any), Windows (CE), Windows (NT), Windows (95), Windows (98)
Underlying OS Comments: The author has indicated that Linux platforms are affected; it is not clear if other platforms are vulnerable
This archive entry is a follow-up to the message listed below.
Source Message Contents
Date: Fri, 28 Mar 2003 13:41:29 -0800
Subject: GoAhead WebServer security problems fixed
To whom it may concern:
I'm happy to report that the 2.1.6 release of the GoAhead WebServer fixes
the security flaws that are documented on the Security Tracker web site,
as well as several others.
Art & Logic (www.artlogic.com), through our partnership with GoAhead
Software, maintains and supports the GoAhead WebServer. We run a
newsgroup at news://news.goahead.com/goahead.public.webserver.
Announcements of important releases and patches are posted there.
Art & Logic also offers add-on products for the GoAhead WebServer, as well
as software development services to help companies worldwide to create
embedded web applications better and faster.
Lead Engineer, Embedded Web
Art & Logic, Inc.