SecurityTracker.com
SecurityTracker
Archives
Category:  Application (Web Server/CGI) > 4D Web Server
Vendors:  4D, Inc.
4D Web Server Buffer Overflow in Processing Basic HTTP Authentication Lets Remote Users Crash the Server and May Allow Arbitrary Code to Be Executed
SecurityTracker Alert ID:  1004211
SecurityTracker URL:  http://securitytracker.com/id/1004211
CVE Reference:  GENERIC-MAP-NOMATCH
Date:  May 2 2002
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 6.7.3
Description:   A buffer overflow vulnerability has been reported in the 4D web server. A remote user can cause the web service to crash and may be able to execute arbitrary code on the server.

iXsecurity warned that a remote user can submit a basic authentication request with specially crafted contents for the 'username' or the 'password' field to trigger the overflow.

It is reported that the server performs some checks to ensure that only certain permitted characters are submitted but fails to check the length of the strings. A remote user can trigger the overflow and cause the EIP register to be overwritten, either crashing the server or potentially executing arbitrary code on the server.
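The defect the description characterises, a character check that is not a length check, shown as an added C example that is not 4D's code: the unbounded copy loop beside a bounded one. The field buffer size, the allowed-character set and the function names are assumptions; base64 decoding of the Basic credentials is left out.

```c
#include <ctype.h>
#include <stdbool.h>
#include <string.h>

/* Assumed fixed-size field buffer; the report does not give 4D's real size. */
#define FIELD_MAX 32

typedef enum { FIELD_OK, FIELD_BAD_CHAR, FIELD_TOO_LONG, FIELD_MALFORMED } field_status;

/* Assumed whitelist; the report only says "valid" characters are checked. */
static bool allowed_char(unsigned char c) {
    return isalnum(c) || c == '_' || c == '-' || c == '.';
}

/* The pattern the advisory describes: the copy stops on an invalid
 * character, but nothing compares i against FIELD_MAX, so a long run of
 * valid characters writes past the end of dst. Kept only for contrast. */
void copy_field_unbounded(char dst[FIELD_MAX], const char *src) {
    size_t i = 0;
    while (src[i] != '\0' && allowed_char((unsigned char)src[i])) {
        dst[i] = src[i];
        i++;
    }
    dst[i] = '\0';
}

/* Hardened copy: length is checked before anything is written, every
 * byte is validated, and a rejected field is always left empty. */
static field_status copy_field_bounded(char dst[FIELD_MAX], const char *src, size_t n) {
    dst[0] = '\0';
    if (n >= FIELD_MAX)                  /* need n bytes plus the terminator */
        return FIELD_TOO_LONG;
    for (size_t i = 0; i < n; i++)
        if (!allowed_char((unsigned char)src[i]))
            return FIELD_BAD_CHAR;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return FIELD_OK;
}

/* decoded is the "user:password" text obtained by base64-decoding the
 * Basic credentials; the decode step itself is not shown. */
field_status check_basic_credentials(const char *decoded) {
    char user[FIELD_MAX], pass[FIELD_MAX];
    const char *colon = strchr(decoded, ':');
    if (colon == NULL)
        return FIELD_MALFORMED;
    field_status st = copy_field_bounded(user, decoded, (size_t)(colon - decoded));
    return st != FIELD_OK ? st : copy_field_bounded(pass, colon + 1, strlen(colon + 1));
}
```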

Impact:   A remote user can crash the web server and may be able to execute arbitrary code on the server with the privileges of the web server.
Solution:   The vendor has reportedly issued a fix or will be issuing a fix shortly. According to the report, 4D has assigned this issue Bug Number: ACI0021102. The upgrade version may be 4D 6.8.1. Contact the vendor for additional information.

The latest versions are available at:

http://www.4d.com/downloads/products.html

Vendor URL:  www.4d.com/
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


Source Message Contents

Subject:  iXsecurity.20020404.4d_webserver.a


iXsecurity Security Vulnerability Report
No: iXsecurity.20020404.4d_webserver.a
========================================

Vulnerability Summary
---------------------
Problem:             The 4D webserver has a buffer overflow condition.

Threat:              An attacker could make the webserver crash and
                     possibly execute arbitrary code.

Affected Software:   4D Webserver version 6.7.3 verified.

Platform:            Windows verified.

Solution:            Update to the version mentioned below.


Vulnerability Description
-------------------------
An attacker could overflow the username or password field in a basic
authentication resulting in EIP overwrite and possible arbitrary code
execution. There are a few checks of the buffer, including a check to
make sure only "valid" characters are sent. If "invalid" characters are
found the copy is terminated. Ironically there is no bounds check.
Because of the various checks, it is a bit more complicated to exploit,
since it minimizes the code one can include in the buffer.

Solution
--------
The solution for Bug Number: ACI0021102 is to upgrade to the latest
version, which will be 4D 6.7.4 or 4D 6.8.1.

Additional Information
----------------------
4D was contacted 20020405.

This vulnerability was found and researched by
patrik@cqure.net
jonas@cqure.net

Copyright 2019, SecurityGlobal.net LLC