John Roy Pi3Web Buffer Overflow Vulnerability

Bugtraq ID:	2381
Class:	Boundary Condition Error
CVE:	CVE-2001-0302 CVE-2001-0303
Remote:	Yes
Local:	Yes
Published:	Feb 15 2001 12:00AM
Updated:	Jul 11 2009 04:46AM
Credit:	Discovered and posted to Bugtraq by <[email protected]> on Feb 16, 2001.
Vulnerable:	John Roy Pi3Web 1.0.1 - Microsoft Windows 95 - Microsoft Windows NT 4.0
Not Vulnerable:	John Roy Pi3Web 2.0 - Linux kernel 2.2 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 - Sun Solaris 8_sparc - Sun SunOS 5.8 John Roy Pi3Web 1.0.3 - Microsoft Windows 95 - Microsoft Windows NT 4.0

John Roy Pi3Web Buffer Overflow Vulnerability

A buffer overflow vulnerability has been reported in John Roy Pi3Web web server. The ISAPI application within the server fails to properly handle user supplied input. Requesting a specially crafted URL will cause the buffer to overflow and possibly allow the execution of arbitrary code.

Pi3Web has also been known to disclose the physical path to the web root by requesting an invalid URL.

John Roy Pi3Web Buffer Overflow Vulnerability

The following example has been provided by <[email protected]>:

http://target/isapi/tstisapi.dll?[a lot of 'A's]

http://localhost/[any string which causes a 404 error]

John Roy Pi3Web Buffer Overflow Vulnerability

Solution:
This issue has been addressed in John Roy Pi3Web 1.0.3:


John Roy Pi3Web 1.0.1

• John Roy Pi3Web-x86Win32-1_0_3
  http://pi3web.sourceforge.net/pi3web/files/release/Pi3Web-x86Win32-1_0 _3.exe

John Roy Pi3Web Buffer Overflow Vulnerability

References:

• Pi3Web Product Homepage (John Roy)
  
• Pi3Web Product Information Page (ZDNet)