WN Vulnerabilities
Created 10/07/02
CAN-2002-1166
Impact
A remote attacker could execute arbitrary code on the
server with the privileges of the server.
Background
WN is an open source HTTP server for UNIX-based systems.
The Problem
By sending an overly long GET request to the HTTP server,
a remote attacker could cause a buffer overflow and execute
arbitrary code on the system with the privileges of
the server. WN server versions 1.18.2 through 2.0.0 are
vulnerable. These versions are included in the current
version of the FreeBSD Project's FreeBSD ports collection.
Earlier versions of WN server may also be vulnerable.
Resolution
Upgrade to WN server 2.4.4 or higher.
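For inventory checks, the version ranges above can be turned into a small classifier. This is an added example, not code from the WN project or the original advisory; it assumes the server reports itself in the Server header as "WN/<major>.<minor>.<patch>", and the category names are made up for illustration.

```python
import re

# Version boundaries taken from the advisory text.
VULN_LOW = (1, 18, 2)   # first version listed as vulnerable
VULN_HIGH = (2, 0, 0)   # last version listed as vulnerable
FIXED = (2, 4, 4)       # version the advisory says to upgrade to

# Assumption: banner token looks like "WN/<major>.<minor>.<patch>".
BANNER_RE = re.compile(r"\bWN/(\d+)\.(\d+)\.(\d+)\b")


def parse_wn_version(banner):
    """Return (major, minor, patch) from a Server header value, or None."""
    match = BANNER_RE.search(banner or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(banner):
    """Map a Server banner to one of the advisory's version categories."""
    version = parse_wn_version(banner)
    if version is None:
        return "unknown"              # not WN, or banner suppressed/malformed
    # Integer tuples compare numerically, so 1.18.2 sorts above 1.9.9
    # (a plain string comparison would get this wrong).
    if version >= FIXED:
        return "fixed"
    if VULN_LOW <= version <= VULN_HIGH:
        return "vulnerable"
    if version < VULN_LOW:
        return "possibly-vulnerable"  # "earlier versions may also be vulnerable"
    return "upgrade"                  # above 2.0.0, below 2.4.4: not stated


# Constructed sample banners, not captured from real hosts.
SAMPLES = ["WN/1.18.2", "WN/1.9.9", "WN/2.0.0", "WN/2.2.1",
           "WN/2.4.4", "Apache/1.3.26", ""]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(f"{banner or '(empty)':<16} {classify(banner)}")
```

A banner can be altered or suppressed, so an "unknown" or "fixed" result should be confirmed against the installed package version.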
Where can I read more about this?
This vulnerability was posted to SecurityFocus and VulnWatch.