SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   BOOZT! Vendors:   Solutions 4u Ltd.
(Vendor Issues Fix) Re: BOOZT! Banner Management System Lets Remote Administrators Execute Arbitrary Code on the Server
SecurityTracker Alert ID:  1003280
SecurityTracker URL:  http://securitytracker.com/id/1003280
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jan 17 2002
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 0.9.8alpha; possibly other versions
Description:   A vulnerability was reported in the BOOZT! banner management system. A remote administrator can execute arbitrary code on the server.

It is reported that the BOOZT! administrative interface lets a remote user with a valid administrator account execute arbitrary code on the server with the privileges of the web server.

The flaw reporteldy resides in src/admin/banners.c where no bounds checking is performed when the value of GetFromCgi() is copied into the char name[255] variable.

A demonstration exploit method is provided:

http://[targethost]:8080/cgi-bin/boozt/admin/index.cgi?section=5&input=1

Fill the "Name Field" with enough A's (770 was reported to be enough) and then press "Create New Banner" to trigger the vulnerability.

Impact:   A remote user with an administrative account on the banner management system can execute arbitrary code on the server with the privileges of the web server daemon.
Solution:   The vendor has released a fixed version (Boozt! Standard version 0.9.9). The vendor encourages all users of Boozt! Standard 0.9.8 alpha to upgrade to 0.9.9 as soon as possible.

The new version is available at:

http://www.boozt.com/download.php

Vendor URL:  www.boozt.com/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Jan 6 2002 BOOZT! Banner Management System Lets Remote Administrators Execute Arbitrary Code on the Server



 Source Message Contents

Subject:  Boozt! update


http://www.boozt.com/news_detail.php?id=3

Boozt! Standard version 0.9.9 was released today. This release was
required to correct a buffer overflow vulnerability identified in the
previous version. All users of Boozt! Standard 0.9.8 alpha are
encouraged to upgrade to 0.9.9 as soon as possible.


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC