


Category:   Application (Web Server/CGI)  >   4D Web Server
Vendors:   4D, Inc.
4D Web Server Buffer Overflow in Processing Long HTTP Requests May Let Remote Users Execute Arbitrary Code or Crash the Service
SecurityTracker Alert ID:  1004581
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jun 19 2002
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  
Version(s): 6.7.3
Description:   A buffer overflow vulnerability was reported in the 4D web server. A remote user may be able to execute arbitrary code on the system or cause the system to crash.

It is reported that the 4D server does not properly handle long HTTP requests. If the overflow is triggered, the 4D service will terminate.

The vendor has reportedly been notified.

The author of the report credits Dumitru Vlad with discovering and researching this bug.

Impact:   A remote user can cause the web service to crash. A remote user may be able to cause the server to execute arbitrary code.
Solution:   The author of the report indicates that 4D version 6.8 seems to correct the problem. However, the vendor has not confirmed this.
Vendor URL: (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  4D 6.7 DOS and Buffer Overflow Vulnerability

Vulnerability Summary
Problem: 	The 4D 6.7 webserver has a buffer overflow condition.

Threat:	An attacker could make the webserver crash and possibly execute
arbitrary code.

Affected Software:	4D Webserver version 6.7.3 verified.

Platform:	 Windows verified.

Solution:	Update to the version mentioned below.

Vulnerability Description
4D is unable to handle long HTTP requests. The result is a termination of
the 4D application as the buffer is overflowed.

4D 6.8 seems to have addressed this problem.

Additional Information
4D was contacted 20020606 but returned no reply.

This vulnerability was found and researched by
Dumitru Vlad

