NaviCopa Web Server GET Request Buffer Overflow Vulnerability
BID:23179
Info
| Bugtraq ID: | 23179 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-1733 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 28 2007 12:00AM |
| Updated: | May 12 2015 07:33PM |
| Credit: | skillTube.com is credited with the discovery of this issue. |
| Vulnerable: | Intervations NaviCOPA Web Server 2.01 |
| Not Vulnerable: | |
Discussion
NaviCOPA Web Server is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.
Attackers can exploit this issue to execute arbitrary code with the privileges of the application. Successful attacks will result in the compromise of the application. Failed attempts will likely cause denial-of-service conditions.
Version 2.01 is vulnerable; prior versions may also be affected.
Exploit / POC
The following exploit code is available:
Solution / Fix
Solution:
The vendor has addressed this issue in a recent patch. Please see the references for more information.
Intervations NaviCOPA Web Server 2.01
- Intervations _navicpa.exe: http://www.intervations.com/download/navicopa/_navicpa.exe
References
References:
- NaviCOPA Homepage (Intervations)
- Buffer Overflow in InterVetions' NaviCopa HTTP server 2.01 (skillTube.com)