Info

Disclosure

Feb 13, 1995

Discovery

Unknown

Dates

Exploit

Feb 13, 1995

Solution

Unknown

Description

A remote overflow exists in NCSA HTTPd. The daemon fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted URL request containing 256 or more characters, a remote attacker can cause arbitrary command execution resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

NCSA HTTPd Development Team	NCSA HTTPd	1.3
		1.2
		1.1

References

CVE ID: 1999-0267 (see also: NVD)
Bugtraq ID: 3158
ISS X-Force ID: 517
CERT: CA-1995-04
CIAC Advisory: f-11
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1995_1/0403.html
http://archives.neohapsis.com/archives/bugtraq/1995_1/0434.html
http://archives.neohapsis.com/archives/bugtraq/1995_1/0435.html
http://archives.neohapsis.com/archives/bugtraq/1995_2/0087.html
Vendor URL: http://hoohoo.ncsa.uiuc.edu/

Credit

Thomas Lopatic - lopaticdbs.informatik.uni-muenchen.de -

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

NCSA HTTPd Development Team

NCSA HTTPd

References

Credit