Sysax Multi Server 'uploadfile_name1.htm' Buffer Overflow Vulnerability

Bugtraq ID:	51950
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Feb 09 2012 12:00AM
Updated:	Feb 09 2012 12:00AM
Credit:	Craig Freyman
Vulnerable:	Codeorigin Sysax Multi Server 5.52 Codeorigin Sysax Multi Server 5.50 Codeorigin Sysax Multi Server 5.25 Codeorigin Sysax Multi Server 4.3
Not Vulnerable:

Sysax Multi Server 'uploadfile_name1.htm' Buffer Overflow Vulnerability

Sysax Multi Server is prone to a buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

Sysax Multi Server 5.52 is vulnerable; prior versions may also be affected.

Sysax Multi Server 'uploadfile_name1.htm' Buffer Overflow Vulnerability

The following exploit example is available:

• /data/vulnerabilities/exploits/51950.py

Sysax Multi Server 'uploadfile_name1.htm' Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Sysax Multi Server 'uploadfile_name1.htm' Buffer Overflow Vulnerability

References:

• Sysax Multi Server 5.52 File Rename Exploit (Craig Freyman)
  
• Sysax Multi Server Homepage (Codeorigin)