BID:17737

SWS Web Server Multiple Arbitrary Code Execution Vulnerabilities

Info

SWS Web Server Multiple Arbitrary Code Execution Vulnerabilities

Bugtraq ID:	17737
Class:	Unknown
CVE:
Remote:	Yes
Local:	No
Published:	Apr 28 2006 12:00AM
Updated:	Apr 29 2006 03:15AM
Credit:	Discovery is credited to Dedi Dwianto.
Vulnerable:	SWS SWS Simple Web Server 0.1.7 SWS SWS Simple Web Server 0.1.6 SWS SWS Simple Web Server 0.1.5 SWS SWS Simple Web Server 0.1.4 SWS SWS Simple Web Server 0.1.3 SWS SWS Simple Web Server 0.1.2 SWS SWS Simple Web Server 0.1 .1 SWS SWS Simple Web Server 0.1 .0 SWS SWS Simple Web Server 0.0.4 SWS SWS Simple Web Server 0.0.3

Not Vulnerable:

Discussion

SWS Web Server Multiple Arbitrary Code Execution Vulnerabilities

SWS Web Server is prone to multiple vulnerabilities permitting arbitrary code execution.

The application is prone to multiple format-string and buffer-overflow vulnerabilities that can attackers can exploit to execute arbitrary code. A successful exploit may facilitate a compromise of the affected computer.

Exploit / POC

SWS Web Server Multiple Arbitrary Code Execution Vulnerabilities

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]

Solution / Fix

SWS Web Server Multiple Arbitrary Code Execution Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]

References

SWS Web Server Multiple Arbitrary Code Execution Vulnerabilities

References:

SWS Web Server (Linux Programlama)
[ECHO_ADV_31$2006] Sws Web Server 0.1.7 Strcpy() & Syslog() Format String Vulner ([email protected])