RaidenHTTPD Discloses PHP Source Code and Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1013334
SecurityTracker URL: http://securitytracker.com/id/1013334
Date: Mar 1 2005
Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Root access via local system
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): prior to 1.1.34
Tan Chew Keong of SIG^2 reported two vulnerabilities in RaidenHTTPD. A remote user can view the source code of PHP scripts on the target system. A remote user may also be able to execute arbitrary code on the target system.
A remote user can request a specially crafted URL to obtain the source code of PHP scripts on the server.
A remote user can submit a specially crafted HTTP request with a URL that is longer than 524 characters to trigger a buffer overflow and execute arbitrary code. The code will run with Local System privileges.
The vendor was notified on February 22, 2005.
The original advisory is available at:
A remote user can view the source code of PHP scripts on the target system.
A remote user may be able to execute arbitrary code on the target system with Local System privileges.
The vendor has released a fixed version (1.1.34).
Vendor URL: www.raidenhttpd.com/
Access control error, Boundary error
Underlying OS: Windows (Any)
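The boundary error described above comes down to a request URL being handled without a length check. The following is an added example, not RaidenHTTPD code and not part of the advisory: a request-line parser that refuses an over-long URL before copying it. Only the 524-character threshold comes from the advisory; the function names, status values and buffer sizes are hypothetical, and the sample requests are constructed.

```c
#include <stdio.h>
#include <string.h>

/* From the advisory: URLs longer than 524 characters trigger the overflow. */
#define URI_MAX 524

enum req_status { REQ_OK = 200, REQ_BAD = 400, REQ_URI_TOO_LONG = 414 };

/* Extract the URI from "METHOD SP URI SP VERSION" (len bytes, not
 * NUL-terminated). The length is checked before any byte is copied, so an
 * over-long URI is refused instead of overrunning `out`. */
enum req_status parse_request_uri(const char *line, size_t len,
                                  char *out, size_t out_size)
{
    const char *sp1 = memchr(line, ' ', len);
    if (sp1 == NULL || sp1 == line)
        return REQ_BAD;                          /* missing method */
    const char *uri = sp1 + 1;
    const char *sp2 = memchr(uri, ' ', len - (size_t)(uri - line));
    if (sp2 == NULL || sp2 == uri)
        return REQ_BAD;                          /* missing URI or version */
    size_t uri_len = (size_t)(sp2 - uri);
    if (uri_len > URI_MAX || uri_len >= out_size)
        return REQ_URI_TOO_LONG;                 /* answer 414, copy nothing */
    memcpy(out, uri, uri_len);
    out[uri_len] = '\0';
    return REQ_OK;
}

/* Constructed input: "GET /AAAA... HTTP/1.0" with a URI of exactly n chars. */
enum req_status status_for_uri_length(size_t n)
{
    char line[2048], uri[URI_MAX + 1];
    if (n == 0 || n > sizeof line - 16)
        return REQ_BAD;
    size_t pos = 5;
    memcpy(line, "GET /", 5);
    memset(line + pos, 'A', n - 1);      pos += n - 1;
    memcpy(line + pos, " HTTP/1.0", 9);  pos += 9;
    return parse_request_uri(line, pos, uri, sizeof uri);
}

int main(void)
{
    printf("524 -> %d, 525 -> %d\n",
           status_for_uri_length(524), status_for_uri_length(525));
    return 0;
}
```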
Source Message Contents
Subject: [SIG^2 G-TEC] RaidenHTTPD Server Buffer Overflow and CGI Source Disclosure
SIG^2 Vulnerability Research Advisory
RaidenHTTPD Server Buffer Overflow and CGI Source Disclosure Vulnerabilities
by Tan Chew Keong
Release Date: 01 Mar 2005
RaidenHTTPD Server (http://www.raidenhttpd.com/en/index.html) is a full
featured web server software for Windows 98 / Me / 2000 / XP / 2003
platforms. It is easy to use and install, and is designed for anyone who
wants to have a website running within minutes. A CGI source code
disclosure vulnerability was found in RaidenHTTPD that may be exploited
to obtain the source code of any PHP scripts on the server. A buffer
overflow vulnerability was also found that may be remotely exploited to
cause DoS and allows arbitrary code execution.
RaidenHTTPD Server Version 1.1.32 (Shareware) on English Win2K SP4.
This advisory documents two vulnerabilities found in RaidenHTTPD server.
The first vulnerability may be remotely exploited to obtain the source
code of any PHP scripts on the server. The second is a buffer overflow
vulnerability that may be remotely exploited to cause DoS or to execute
arbitrary code on the server.
1. CGI source code disclosure vulnerability.
RaidenHTTPD supports the use of CGI scripts using PHP or PERL. The
default installation comes with PHP installed. Using a specially crafted
URL, it is possible to obtain the source code of any PHP scripts on the
2. Buffer overflow when processing HTTP requests with long URI.
A buffer overflow condition occurs when RaidenHTTPD receives a URI with
more than 524 characters in the URI. Successful exploitation allows code
execution with LOCAL SYSTEM privilege.
Vendor has released version 1.1.34 that fixes these vulnerabilities.
20 Feb 05 - Vulnerability Discovered.
22 Feb 05 - Initial Vendor Notification.
22 Feb 05 - Initial Vendor Reply.
22 Feb 05 - Received notification from vendor that fixed version 1.1.34
01 Mar 05 - Public Release.
All guys at SIG^2 G-TEC Lab
"IT Security...the Gathering. By enthusiasts for enthusiasts."