Netwin DNews News Server Buffer Overflow Vulnerability
BID:1172
Info
Netwin DNews News Server Buffer Overflow Vulnerability
| Bugtraq ID: | 1172 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2000-0423 |
| Remote: | Yes |
| Local: | Yes |
| Published: | May 05 2000 12:00AM |
| Updated: | Jul 11 2009 01:56AM |
| Credit: | Publicized in a Cerberus Information Security Advisory on May 5, 2000 by the Cerberus Security Team <[email protected]>. |
| Vulnerable: |
NetWin DNews 5.3 |
| Not Vulnerable: | |
Discussion
Netwin DNews News Server Buffer Overflow Vulnerability
DNews News Server is a CGI application that gives access to auser's NNTP server over the web. There are many unchecked buffers in the program, some of which can be exploited directly from any browser. Supplying an overlylong value for the "group", "cmd" and "utag" variables, and possibly others, will overwrite their respective buffers. In this manner, arbitrary code can be executed on the remote target.
DNews News Server is a CGI application that gives access to auser's NNTP server over the web. There are many unchecked buffers in the program, some of which can be exploited directly from any browser. Supplying an overlylong value for the "group", "cmd" and "utag" variables, and possibly others, will overwrite their respective buffers. In this manner, arbitrary code can be executed on the remote target.
Exploit / POC
Netwin DNews News Server Buffer Overflow Vulnerability
This exploit, developed by ADM, will launch a command shell bound to a specified port.
This exploit, developed by ADM, will launch a command shell bound to a specified port.
Solution / Fix
Netwin DNews News Server Buffer Overflow Vulnerability
Solution:
Netwin has released patches which rectify this issue. Download the appropriate 5.4 patch for your platform:
ftp://ftp.netwinsite.com/pub/dnews/beta/
Solution:
Netwin has released patches which rectify this issue. Download the appropriate 5.4 patch for your platform:
ftp://ftp.netwinsite.com/pub/dnews/beta/