KarjaSoft Sami HTTP Server GET Request Buffer Overflow Vulnerability
BID:9679
Info
| Bugtraq ID: | 9679 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2004-0292 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 17 2004 12:00AM |
| Updated: | Jul 12 2009 03:06AM |
| Credit: | Discovery of this vulnerability has been credited to "badpack3t" <[email protected]>. |
| Vulnerable: | KarjaSoft Sami HTTP Server 1.0.4 |
| Not Vulnerable: | |
Discussion
A vulnerability has been reported for Sami HTTP server. The problem occurs due to insufficient bounds checking when handling GET requests.
As a result, an attacker may be capable of corrupting sensitive data such as a return address, and thereby effectively control the execution flow of the program. This would ultimately allow for the execution of arbitrary code. Immediate consequences of exploitation of this issue may result in denial of service.
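The missing check described above, shown as a bounds-checked request-line parser. This is an added example, not Sami HTTP Server code (the advisory does not describe the server's internals); `parse_get_line`, `status_for_target_len` and the 256-byte `MAX_URI` limit are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_URI 256   /* assumed limit for this example */
enum parse_status { PARSE_OK = 200, PARSE_BAD_REQUEST = 400, PARSE_URI_TOO_LONG = 414 };

/* Copy the target of "GET <target> HTTP/x.y" into out (out_size bytes).
 * The target length is measured and compared with the destination size
 * before any copy, so an oversized GET is rejected with 414 instead of
 * writing past the end of a fixed-size buffer. */
enum parse_status parse_get_line(const char *line, size_t line_len,
                                 char *out, size_t out_size)
{
    static const char method[] = "GET ";
    const size_t mlen = sizeof(method) - 1;

    if (out_size == 0)
        return PARSE_BAD_REQUEST;
    out[0] = '\0';
    if (line_len <= mlen || memcmp(line, method, mlen) != 0)
        return PARSE_BAD_REQUEST;

    const char *target = line + mlen;
    const char *end = memchr(target, ' ', line_len - mlen);
    if (end == NULL || end == target)
        return PARSE_BAD_REQUEST;        /* no delimiter, or empty target */

    size_t tlen = (size_t)(end - target);
    if (tlen >= out_size)                /* keep one byte for the NUL */
        return PARSE_URI_TOO_LONG;
    memcpy(out, target, tlen);
    out[tlen] = '\0';
    return PARSE_OK;
}

/* Constructed input: a GET whose target is '/' plus filler, n bytes in total. */
int status_for_target_len(size_t n)
{
    static char req[8192];
    char uri[MAX_URI];
    if (n == 0 || n > 8000)
        return -1;
    memcpy(req, "GET /", 5);
    memset(req + 5, 'A', n - 1);
    memcpy(req + 4 + n, " HTTP/1.0", 10);   /* 9 characters plus the NUL */
    return parse_get_line(req, strlen(req), uri, sizeof uri);
}

int main(void)
{
    printf("%d %d\n", status_for_target_len(11), status_for_target_len(4000));
    return 0;
}
```

A server applying this check answers an oversized request with an error status rather than crashing, which also gives operators a log signal for such requests.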
Exploit / POC
The following proof of concept denial of service exploit has been supplied:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- Sami HTTP server Homepage (KarjaSoft)
- KarjaSoft Sami HTTP Server 1.0.4 Buffer Overflow ("badpack3t")