DNewsWeb Buffer Overflow

 
DNewsWeb Buffer Overflow
Reported May 03,  2000 by
Cerberus Information Security
VERSIONS EFFECTED
  • Netwin DNewsWeb v5.3e1

DESCRIPTION

The Cerberus Security Team Cerberus Security Team has found a remotely exploitable buffer overrun in Netwin"s DNewsWeb CGI program.
By using overly long URL parameter (group and utag) a buffer can be overflowed which allows the execution of arbitrary code on the web server.

VENDOR  RESPONSE

Netwin has made a corrected version (5.4c3) available on their FTP site.

CREDITS
Discovered and reported by
Cerberus Information Security

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish