SWSoft ASPSeek s.cgi Buffer Overflow Vulnerability

Bugtraq ID:	2492
Class:	Boundary Condition Error
CVE:	CVE-2001-0476
Remote:	Yes
Local:	Yes
Published:	Mar 19 2001 12:00AM
Updated:	Jul 11 2009 06:06AM
Credit:	Posted to BugTraq on March 19th 2001 by "Neil K" <[email protected]>
Vulnerable:	SWSoft ASPSeek 1.0.3 - Apache Apache 1.3 - Apache Apache 1.2 - Apache Apache 1.1 SWSoft ASPSeek 1.0.1 - Apache Apache 1.3 - Apache Apache 1.2 - Apache Apache 1.1 SWSoft ASPSeek 1.0 - Apache Apache 1.3.13 - Apache Apache 1.3.9 - Apache Apache 1.3.9 - Apache Apache 1.3.7 -dev - Apache Apache 1.3.6 - Apache Apache 1.3 - Apache Apache 1.2 - Apache Apache 1.1
Not Vulnerable:	SWSoft ASPSeek 1.1 - Apache Apache 1.3 - Apache Apache 1.2 - Apache Apache 1.1 SWSoft ASPSeek 1.0.5 - Apache Apache 1.3 - Apache Apache 1.2 - Apache Apache 1.1 SWSoft ASPSeek 1.0.4 - Apache Apache 1.3 - Apache Apache 1.2 - Apache Apache 1.1

SWSoft ASPSeek s.cgi Buffer Overflow Vulnerability

A buffer overflow in ASPSeek versions 1.0.0 through to 1.0.3 allows for arbitrary code execution with the privileges of the web server. The vulnerable script is s.cgi and the buffer overflow can be accessed by submitting an excessively long query string to the script (the variable tmpl, specifically).

SWSoft ASPSeek s.cgi Buffer Overflow Vulnerability

The following exploit has been provided by Neil K <[email protected]>:

• /data/vulnerabilities/exploits/ASPSeek-exploit.pl

SWSoft ASPSeek s.cgi Buffer Overflow Vulnerability

Solution:
SWsoft has addressed this issue in ASPSeek v.1.0.4:


SWSoft ASPSeek 1.0

• SWsoft ASPSeek v.1.0.4
  http://www.sw-soft.com/trial/aspseek/1.0.4/aspseek-1.0.4.tar.gz

SWSoft ASPSeek 1.0.1

• SWsoft ASPSeek v.1.0.4
  http://www.sw-soft.com/trial/aspseek/1.0.4/aspseek-1.0.4.tar.gz

SWSoft ASPSeek 1.0.3

• SWsoft ASPSeek v.1.0.4
  http://www.sw-soft.com/trial/aspseek/1.0.4/aspseek-1.0.4.tar.gz

SWSoft ASPSeek s.cgi Buffer Overflow Vulnerability

References:

• ASPSeek (SWSoft)
  
• ASPSeek Change Log (SWSoft)