Savant Vulnerabilities
Updated 9/20/02
CVE 2000-0014
CVE 2000-0521
CVE 2000-0641
CAN 2001-0433
CAN 2002-0099
CAN 2002-1120
Impact
A remote attacker could cause a denial of service or execute
arbitrary commands with the privileges of the web server.
Background
Savant Web Server is a free, open-source web server which runs on Windows
platforms.
The Problems
9/13/02
CAN 2002-1120
A buffer overflow in the handling of long GET
requests could allow a remote attacker to crash the web
server or execute arbitrary commands on the server.
Savant 3.1 and earlier versions are affected.
9/20/02
There are several other vulnerabilities affecting Savant
web server 3.1 and possibly earlier versions. Either a
buffer overflow in the cgitest.exe CGI
program or a negative value in the Content-Length field of
the HTTP headers could allow a remote attacker to crash the
server. A trailing dot or space character in a requested
URL can be used to bypass authentication, giving
an attacker access to password-protected files.
There are more vulnerabilities affecting older
versions of Savant Web Server, including:
- CAN 2002-0099: A buffer overflow in the handling of CGI parameters in Savant 3.0.
- CAN 2001-0433: A buffer overflow in the processing of the Host: header in Savant 3.0.
- CVE 2000-0641: A buffer overflow due to an excessive number of HTTP headers in a GET request in Savant 3.0.
- CVE 2000-0521: Disclosure of source code when the HTTP version identifier is omitted from the request in Savant 2.1.
- CVE 2000-0014: A buffer overflow in the processing of a null character in a GET request in Savant 2.0.
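As an added example (not from the advisory or from the Savant project), the following screens a captured raw HTTP request for the malformed-request patterns listed above, so an administrator can flag such requests in proxy or sniffer captures; the length and header-count thresholds and the sample request are assumptions.

```python
"""Added example: flag raw HTTP requests that match the malformed-request
patterns described in this advisory. Thresholds below are assumed values."""
import re
from urllib.parse import unquote

MAX_REQUEST_LINE = 1024   # assumed threshold for a "long GET request"
MAX_HEADERS = 64          # assumed threshold for "excessive number of headers"
# Method, request target, and an optional HTTP version token.
REQUEST_LINE_RE = re.compile(r"^([A-Z]+) (\S+)(?: (HTTP/\d\.\d))?$")


def screen_request(raw: str) -> list[str]:
    """Return the advisory patterns matched by one raw HTTP request."""
    findings = []
    head = raw.split("\r\n\r\n", 1)[0]          # drop any body
    lines = head.split("\r\n")
    request_line = lines[0]
    header_lines = [h for h in lines[1:] if h]

    if "\x00" in request_line:
        findings.append("null byte in request line")       # CVE 2000-0014
    if len(request_line) > MAX_REQUEST_LINE:
        findings.append("overlong request line")           # CAN 2002-1120
    m = REQUEST_LINE_RE.match(request_line)
    if m is None:
        findings.append("unparseable request line")
    else:
        _method, target, version = m.groups()
        if version is None:
            findings.append("HTTP version omitted")        # CVE 2000-0521
        path = unquote(target.split("?", 1)[0])            # decode %20 etc.
        if path.endswith((".", " ")):
            findings.append("trailing dot/space in path")  # 3.1 auth bypass
    if len(header_lines) > MAX_HEADERS:
        findings.append("excessive header count")          # CVE 2000-0641
    for h in header_lines:
        name, _, value = h.partition(":")
        if name.strip().lower() == "content-length":
            try:
                if int(value.strip()) < 0:
                    findings.append("negative Content-Length")
            except ValueError:
                findings.append("non-numeric Content-Length")
    return findings


if __name__ == "__main__":
    # Constructed sample: a protected page requested with a trailing dot.
    sample = "GET /private/index.html. HTTP/1.0\r\nHost: www.example.com\r\n\r\n"
    print(screen_request(sample))
```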
Resolutions
Download an upgrade or a fix when one becomes available. Until then,
it would be advisable to disable the web server.
Where can I read more about this?
The GET request buffer overflow was reported
to VulnWatch. The other vulnerabilities
affecting Savant 3.1 were reported to
Bugtraq.
For more information about the older vulnerabilities, see
NT Bugtraq, Bugtraq, Bugtraq, Bugtraq, and USSR Advisory 99026.