LIBCGI is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted request which exploits inadequate bounds check in 'parse_field()' function in the 'cgi_lib.c', a remote attacker can potentially cause corrupt memory.

Currently, there are no known workarounds or upgrades to correct this issue. However, dong-h0un U has released an unofficial patch to address this vulnerability.

As with all third-party solutions, ensure they come from a reliable source and are permitted under your company's security policy.

• ISS X-Force ID: 10722
• CVE ID: 2002-2257 (see also: NVD)
• Bugtraq ID: 6270
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-11/0346.html
• Vendor URL: http://www.tuxbr.com.br/ [ Link is 404 ]

• dong-h0un U - xploithackermail.com -