Buffer Overflow in Website Pro
Updated 2/22/01
CVE 2000-0622
CAN 2000-0623
Impact
A buffer overflow condition in Website Pro could allow
a remote attacker to execute arbitrary commands on the
server.
Background
O'Reilly's Website Professional is a full-featured web server
for Windows platforms.
The Problem
CVE 2000-0622
CAN 2000-0623
There are two separate buffer overflow conditions
in Website Pro, either of which could allow a remote
attacker to execute arbitrary commands on the server.
The first can be exploited in a number of ways, such
as a long GET request or a long Referer header. The
second can be exploited by supplying a very long search
string to webfind.exe. Both conditions
affect Website Pro 2.4 for Windows NT.
2/22/01
A second, unrelated problem affecting Website Pro 1.1
and 2.0 could allow an attacker to view the source code
of any script on the web server by appending a URL-encoded
space character (%20) to a URL. While
this would not lead to an immediate compromise, it could
reveal passwords or other sensitive information that could
be used to plan an attack.
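The request patterns described above can be looked for in web server access logs. The following is an added example, not part of the original advisory or of Website Pro: it assumes Combined Log Format, and the length limits, the script extension list, the sample log lines and the "keywords" parameter name are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed limits and script extensions; the advisory gives no exact lengths.
MAX_URI_LEN = MAX_REFERER_LEN = 1024
MAX_SEARCH_LEN = 256
SCRIPT_EXTS = (".pl", ".cgi", ".asp", ".cfm", ".bat")

# Combined Log Format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]*\] "(?P<request>[^"]*)" \d{3} \S+'
    r'(?: "(?P<referer>[^"]*)" "[^"]*")?'
)

def classify(line):
    """Return the findings for one access-log line (empty list if clean)."""
    m = LOG_RE.match(line)
    if not m:
        return ["unparsed"]
    _, _, rest = m.group("request").partition(" ")   # drop the method
    uri = re.sub(r" HTTP/\d\.\d$", "", rest)          # drop the protocol token
    referer = m.group("referer") or ""
    url = urlsplit(uri)          # does not decode %xx, so "%20" stays visible
    path = url.path.lower()
    findings = []
    if len(uri) > MAX_URI_LEN:
        findings.append("long-request-uri")
    if len(referer) > MAX_REFERER_LEN:
        findings.append("long-referer")
    if path.endswith("/webfind.exe") and len(url.query) > MAX_SEARCH_LEN:
        findings.append("long-webfind-query")
    # Encoded space(s) directly after a script name: the source-disclosure pattern.
    stripped = re.sub(r"(?:%20)+$", "", path)
    if stripped != path and stripped.endswith(SCRIPT_EXTS):
        findings.append("script-trailing-%20")
    return findings

# Constructed sample lines (not taken from any real server).
SAMPLE = [
    '192.0.2.10 - - [22/Feb/2001:10:00:00 -0500] "GET /index.html HTTP/1.0" 200 512 "-" "-"',
    '192.0.2.11 - - [22/Feb/2001:10:00:01 -0500] "GET /cgi-bin/login.pl%20 HTTP/1.0" 200 900 "-" "-"',
    '192.0.2.12 - - [22/Feb/2001:10:00:02 -0500] "GET /%s HTTP/1.0" 400 0 "-" "-"' % ("A" * 2000),
    '192.0.2.13 - - [22/Feb/2001:10:00:03 -0500] "GET / HTTP/1.0" 200 512 "%s" "-"' % ("A" * 2000),
    '192.0.2.14 - - [22/Feb/2001:10:00:04 -0500] "GET /cgi-bin/webfind.exe?keywords=%s HTTP/1.0" 500 0 "-" "-"' % ("B" * 300),
]

def scan(lines):
    """Map the index of each flagged line to its findings."""
    return {i: f for i, line in enumerate(lines) if (f := classify(line))}
```

Only what the server writes to its access log is visible to this check, so a search string sent in a request body would not be seen.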
Resolutions
Upgrade to Website Pro version 2.5 or higher.
Where can I read more about this?
The first buffer overflow was posted to Bugtraq.
The second was also posted to Bugtraq.
The source code exposure vulnerability was discussed in
Allaire Security Bulletin 99-06.