Andreas Rottmann
2009-08-22 20:10:59 UTC
forwarded 540657 bug-***@gnu.org
thanks
[ To the Debian security team: I've just confirmed and have come up with
(what I think is) a fix for the reported security issue.
This affects serveez 0.1.5-2.1 (lenny) and 0.1.5-2 (etch). The bug is
also present in 0.1.7 and 0.1.6, which are not packaged in Debian.
I can provide fixed packages for lenny and etch tomorrow. ]
really of satanic origin -- stay tuned, I've started investigating ;-).
OK, I think I've isolated the issue.
It's a stack-based buffer overflow, which can be triggered by a
malformed/malicious HTTP If-Modified-Since header. While the linked code
triggering the issue "just" causes a segfault, I think remote code
execution is just a tiny step away, but note that I'm not a security
expert ;-).
I think the attached patch should provide a fix:
thanks
[ To the Debian security team: I've just confirmed and have come up with
(what I think is) a fix for the reported security issue.
This affects serveez 0.1.5-2.1 (lenny) and 0.1.5-2 (etch). The bug is
also present in 0.1.7 and 0.1.6, which are not packaged in Debian.
I can provide fixed packages for lenny and etch tomorrow. ]
Subject: serveez: REMOTE BUFFER OVERFLOW
Package: serveez
Version: 0.1.5-2.1
Severity: grave
Justification: user security hole
Tags: security
http://packetstormsecurity.nl/0908-exploits/serveez-overflow.txt
I can confirm this buffer overflow (but I'm not yet certain if it'sPackage: serveez
Version: 0.1.5-2.1
Severity: grave
Justification: user security hole
Tags: security
http://packetstormsecurity.nl/0908-exploits/serveez-overflow.txt
really of satanic origin -- stay tuned, I've started investigating ;-).
It's a stack-based buffer overflow, which can be triggered by a
malformed/malicious HTTP If-Modified-Since header. While the linked code
triggering the issue "just" causes a segfault, I think remote code
execution is just a tiny step away, but note that I'm not a security
expert ;-).
I think the attached patch should provide a fix: