Mobius DocumentDirect for the Internet 1.2 Buffer Overflow Vulnerabilities
BID:1657
Info
Mobius DocumentDirect for the Internet 1.2 Buffer Overflow Vulnerabilities
| Bugtraq ID: | 1657 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2000-0826 CVE-2000-0827 CVE-2000-0828 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Sep 08 2000 12:00AM |
| Updated: | Jul 11 2009 02:56AM |
| Credit: | Discovered by David Litchfield <[email protected]> and Mark Litchfield <[email protected]> and publicized in an @stake Advisory (A090800-1) on September 8, 2000. |
| Vulnerable: |
Mobius DocumentDirect for the Internet 1.2 |
| Not Vulnerable: | |
Discussion
Mobius DocumentDirect for the Internet 1.2 Buffer Overflow Vulnerabilities
A number of unchecked static buffers exist in Mobius' DocumentDirect for the Internet program. Depending on the data entered, arbitrary code execution or a denial of service attack could be launched under the privilege level of the corresponding service.
Buffer Overflow #1 - Issuing the following GET request will overflow DDICGI.EXE:
GET /ddrint/bin/ddicgi.exe?[string at least 1553 characters long]=X HTTP/1.0
Buffer Overflow #2 - Entering a username consisting of at least 208 characters in the web authorization form will cause DDIPROC.EXE to overflow. If random data were to be used, a denial of service attack would be launched against the DocumentDirect Process Manager which would halt all services relating to it.
Buffer Overflow #3 - Issuing the following GET request will cause an access validation error in DDICGI.EXE:
GET /ddrint/bin/ddicgi.exe HTTP/1.0\r\nUser-Agent: [long string of characters]\r\n\r\n
A number of unchecked static buffers exist in Mobius' DocumentDirect for the Internet program. Depending on the data entered, arbitrary code execution or a denial of service attack could be launched under the privilege level of the corresponding service.
Buffer Overflow #1 - Issuing the following GET request will overflow DDICGI.EXE:
GET /ddrint/bin/ddicgi.exe?[string at least 1553 characters long]=X HTTP/1.0
Buffer Overflow #2 - Entering a username consisting of at least 208 characters in the web authorization form will cause DDIPROC.EXE to overflow. If random data were to be used, a denial of service attack would be launched against the DocumentDirect Process Manager which would halt all services relating to it.
Buffer Overflow #3 - Issuing the following GET request will cause an access validation error in DDICGI.EXE:
GET /ddrint/bin/ddicgi.exe HTTP/1.0\r\nUser-Agent: [long string of characters]\r\n\r\n
Exploit / POC
Mobius DocumentDirect for the Internet 1.2 Buffer Overflow Vulnerabilities
WildCoyote <[email protected]> has released the following exploits:
WildCoyote <[email protected]> has released the following exploits:
Solution / Fix
Mobius DocumentDirect for the Internet 1.2 Buffer Overflow Vulnerabilities
Solution:
Mobius has made an upgrade available to all of their customers directly. If you are in need of an upgrade, please contact [email protected] or call 914-921-7400 (option 1) for more information.
Solution:
Mobius has made an upgrade available to all of their customers directly. If you are in need of an upgrade, please contact [email protected] or call 914-921-7400 (option 1) for more information.
References
Mobius DocumentDirect for the Internet 1.2 Buffer Overflow Vulnerabilities
References:
References: