[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Buffer overflow in SmartDesk WebSuite v2.1
From: cmart <cmart () mail ! staticusers ! net>
Date: 1999-05-25 20:53:17
[Download RAW message or body]
Advisory: Buffer overflow in SmartDesk WebSuite v2.1
Platforms Affected: Windows NT, Windows 98
Found by: cmart (cmart@staticusers.net)
Date: 5/23/99
Description:
-----------
WebSuite v2.1 will crash when an additional 250+ characters
is appended after the sites URL on NT Server 4 and NT
Workstation 4 boxes.
Running on top of Windows 98 it will crash with 150+ characters
appended after the sites URL.
After reinstallating on both platforms several times, the
overflow string length varied. Approximately 1 out of 8 times
the overflow string went from 150 chars (Win98) to about
1000+ chars. It also went from 250+ chars (NT) to about
2000+ chars.
After the server crashes on NT Workstation 4, it's unable
to find the lib file sysclass.flb. (On our test).
Details:
-------
[Windows NT]
http://hostname/00000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000
SDWEBSRV.EXE crashes.
[Windows 98]
http://hostname/00000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000
SDWEBSRV.EXE crashes.
-----------------------------
cmart | cmart@staticusers.net
http://winntsec.com
-----------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic