SecurityTracker.com
Category:   Application (Generic)  >   mnoGoSearch
Vendors:   Lavtech.Com Corp.
mnoGoSearch SQL-based Search Engine Software Has Heap Overflow That Lets Remote Users Execute Arbitrary Code with the Privileges of the Web Server
SecurityTracker Alert ID:  1004282
SecurityTracker URL:  http://securitytracker.com/id/1004282
CVE Reference:   CVE-2002-0789
Updated:  Jul 28 2003
Original Entry Date:  May 11 2002
Impact:   Execution of arbitrary code via network, User access via network
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): 3.1.19 and prior
Description:   A vulnerability was reported in the mnoGoSearch engine. A remote user could execute arbitrary code on the system.

qitest1 issued a security advisory warning of a heap overflow in the mnoGoSearch SQL-based web search engine. A remote user can create a URL query string with a long query value for 'q' to trigger the vulnerability and cause arbitrary code to be executed. The format for the query is:

http://127.0.0.1/cgi-bin/search.cgi?q=query

The code would be executed with the privileges of the web server.

Impact:   A remote user can execute arbitrary code on the system with the privileges of the web server.
Solution:   According to the report, the authors of the code have indicated that the vulnerability has been fixed in the CVS version. However, the stable version that is recommended on the vendor web site is reported to still be vulnerable.
Vendor URL:  www.mnogosearch.org/
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
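
A defender-side check for the request pattern described above, as an added example that is not part of the SecurityTracker entry or the qitest1 advisory: it scans web server access logs for search.cgi requests whose decoded 'q' value is unusually long. The 256-character threshold, the combined log format and the sample log lines are assumptions; the advisory does not state the length that triggers the overflow.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the advisory gives no overflow length, so this threshold is a
# site-tunable guess at "longer than any legitimate search".
MAX_Q_LEN = 256

# Common/combined log format: client, ident, user, [time], "METHOD target PROTO", status
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def oversized_queries(lines, limit=MAX_Q_LEN):
    """Return (client, status, q_length) for search.cgi hits whose decoded q exceeds limit."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        client, _method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/search.cgi"):
            continue
        # Measure the percent-decoded value; a repeated q is judged by its longest copy.
        values = parse_qs(url.query, keep_blank_values=True).get("q", [])
        longest = max((len(v) for v in values), default=0)
        if longest > limit:
            hits.append((client, int(status), longest))
    return hits

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/May/2002:19:08:15 +0000] "GET /cgi-bin/search.cgi?q=heap+overflow HTTP/1.0" 200 5120',
    '192.0.2.77 - - [11/May/2002:19:09:02 +0000] "GET /cgi-bin/search.cgi?q=' + "A" * 5000 + ' HTTP/1.0" 500 0',
    '192.0.2.78 - - [11/May/2002:19:09:40 +0000] "GET /cgi-bin/search.cgi?x=1&q=' + "%41" * 300 + ' HTTP/1.0" 200 812',
    '192.0.2.10 - - [11/May/2002:19:10:11 +0000] "GET /index.html?q=' + "B" * 5000 + ' HTTP/1.0" 200 100',
]

if __name__ == "__main__":
    for client, status, length in oversized_queries(SAMPLE_LOG):
        print(f"{client} status={status} q_len={length}")
```

A 5xx status on a flagged request is worth correlating with web server error logs, since the advisory reports that search.cgi segfaults on such input.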

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jul 28 2003 (Conectiva Issues Fix) mnoGoSearch SQL-based Search Engine Software Has Heap Overflow That Lets Remote Users Execute Arbitrary Code with the Privileges of the Web Server
Conectiva has released a fix.



 Source Message Contents

Subject:  Bug in mnogosearch-3.1.19




	qitest1 security advisory #003

Bug in mnogosearch-3.1.19 and prior
-----------------------------------------------

PROGRAM DESCRIPTION
mnoGoSearch is a full-featured SQL based web search engine, 
available from http://www.mnogosearch.org.

PROBLEM DESCRIPTION
When receiving a too long query string (q var), search.cgi
segfaults (http://127.0.0.1/cgi-bin/search.cgi?q=query). The bug
resides in a bad management of heap-allocated memory. The bug could
be abused by remote attackers to execute code with web server  
privileges.

SOLUTION
Authors were contacted a month ago: they told me that the cvs 
version had been fixed. Nevertheless the stable version
recommended on their web site is still bugged. At the moment you
should disable search.cgi, use the stupid patch attached to this
advisory (for 3.1.19) or alternatively install last cvs version.

--
---- q1-- http://qitest1.0xfee1dead.net/
--

Attachment: mnogosearch-3.1.19.patch (base64-encoded; contents not included)

 
 

