3996 : webfs Long Pathname Overflow
Printer | http://osvdb.org/3996 | Email This | Edit Vulnerability

Views This Week

Views All Time

Info

Last Modified

8 months ago

Percent Complete

85%

Disclosure

Sep 30, 2003

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

webfs contains a flaw that allows a remote attacker to execute arbitrary code. The issue is due to an overflow condition in "ls.c" that results in an unchecked buffer. If an attacker created a specially crafted request in conjunction with a directory traversal attack, they could potentially execute arbitrary code on the victim machine.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unavailable

Solution

Upgrade to version 1.20 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Gerd Knorr	webfs	1.17
		1.18
		1.19

References

Bugtraq ID: 8726
Related OSVDB ID: 2619
ISS X-Force ID: 13308
Vendor Specific Advisory URL: http://www.debian.org/security/2003/dsa-392
Secunia Advisory ID: 9879
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-09/0518.html
CVE ID: 2003-0833 (see also: NVD)
Vendor URL: http://bytesex.org/webfs.html

Tools & Filters

Nessus	10320 15229

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Gerd Knorr

webfs

References

Tools & Filters

Credit

Blogs

Comments