From Jonas.Landin@ixsecurity.com Sat May 4 17:59:25 2002
From: "Jonas Ländin"
To: bugtraq@securityfocus.com
Date: Fri, 3 May 2002 02:37:45 +0200
Subject: iXsecurity.20020404.4d_webserver.a

iXsecurity Security Vulnerability Report
No: iXsecurity.20020404.4d_webserver.a
==================================

Vulnerability Summary
---------------------
Problem: The 4D webserver has a buffer overflow condition.
Threat: An attacker could make the webserver crash and possibly execute arbitrary code.
Affected Software: 4D Webserver version 6.7.3 verified.
Platform: Windows verified.
Solution: Update to the version mentioned below.

Vulnerability Description
-------------------------
An attacker could overflow the username or password field in a basic authentication request, resulting in an EIP overwrite and possible arbitrary code execution.

There are a few checks of the buffer, including a check to make sure only "valid" characters are sent. If "invalid" characters are found, the copy is terminated. Ironically, there is no bounds check.

Because of these checks the overflow is a bit more complicated to exploit, since they limit the code one can include in the buffer.

Solution
--------
The solution for Bug Number: ACI0021102 is to upgrade to the latest version, which will be 4D 6.7.4 or 4D 6.8.1.

Additional Information
----------------------
4D was contacted 20020405.

This vulnerability was found and researched by
Patrik Karlsson & Jonas Ländin
patrik@cqure.net
jonas@cqure.net

This document is also available at: http://www.cqure.net/advisories/
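
The copy pattern described under Vulnerability Description, shown beside a bounded version, as an added example (not 4D's code and not from the advisory's authors). The function names, FIELD_MAX and the definition of a "valid" character are assumptions, since the advisory gives none of them.

```c
#include <stddef.h>
#include <string.h>

#define FIELD_MAX 64  /* assumed destination size; the advisory gives none */

/* Assumed stand-in for the server's "valid character" test: printable ASCII
   except the ':' that separates user and password in Basic credentials. */
static int is_valid_char(unsigned char c) {
    return c >= 0x20 && c < 0x7f && c != ':';
}

/* The flawed pattern the advisory describes: copying stops at the first
   invalid character, but nothing limits how much is written to dst. */
size_t copy_field_unbounded(char *dst, const char *src) {
    size_t n = 0;
    while (src[n] != '\0' && is_valid_char((unsigned char)src[n])) {
        dst[n] = src[n];   /* writes past dst once the input exceeds its size */
        n++;
    }
    dst[n] = '\0';
    return n;
}

/* Hardened form: same character check plus an explicit bound. Returns 0 on
   success, -1 if the field is too long or holds an invalid byte. It rejects
   the field instead of truncating it. */
int copy_field_bounded(char *dst, size_t dst_size, const char *src) {
    size_t n = 0;
    if (dst_size == 0) return -1;
    while (src[n] != '\0') {
        if (!is_valid_char((unsigned char)src[n]) || n + 1 >= dst_size) {
            dst[0] = '\0';
            return -1;
        }
        dst[n] = src[n];
        n++;
    }
    dst[n] = '\0';
    return 0;
}

int main(void) {
    char user[FIELD_MAX];
    char long_input[4 * FIELD_MAX];           /* constructed oversized field */
    memset(long_input, 'A', sizeof long_input - 1);
    long_input[sizeof long_input - 1] = '\0';
    return !(copy_field_bounded(user, sizeof user, long_input) == -1 &&
             copy_field_bounded(user, sizeof user, "alice") == 0);
}
```

The character filter in the unbounded version limits which bytes reach the destination but not how many, which is why it does not stop the overflow.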