[12818] in bugtraq


Re: ISS Security Advisory: Buffer Overflow in Netscape Enterprise

daemon@ATHENA.MIT.EDU (Keith Piepho)
Thu Dec 2 14:01:53 1999

Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Message-Id:  <4.2.0.58.19991202102414.01c5e020@uakron.edu>
Date:         Thu, 2 Dec 1999 10:39:38 -0500
Reply-To: Keith Piepho <kap@UAKRON.EDU>
From: Keith Piepho <kap@UAKRON.EDU>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <19991201184713.A7164@underground.org>

At 06:47 PM 12/1/99 -0800, you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>ISS Security Advisory
>December 1, 1999
>
>Buffer Overflow in Netscape Enterprise and FastTrack Authentication
>Procedure
>
>Synopsis:
>
>Netscape Enterprise Server and Netscape FastTrack Server are widely used
>Internet web servers. Internet Security Systems (ISS) X-Force has discovered
>a vulnerability in Netscape Enterprise Server and Netscape FastTrack
>Server, as well as in the Administration Server supplied with both. There
>is a buffer overflow in the HTTP Basic Authentication that can be used to
>execute code on the machine as SYSTEM in Windows NT or as root or nobody
>in Unix, without requiring authentication. The Administration Service runs
>as root in Unix; the Application Server runs as the user 'nobody' by
>default.
>
>Affected Versions:
>
>This vulnerability affects all supported platforms of Enterprise and
>FastTrack web servers. Enterprise 3.5.1 through 3.6sp2 and FastTrack 3.01
>were found to be vulnerable. Earlier versions may be vulnerable but were not
>tested by ISS X-Force.

Does anyone know if this problem is fixed in 3.6sp3?  The release notes for
sp3 include the following fixes:

         359884.   Buffer overflow on large requests causes Security problems.
         363755.   Buffer overflow in the HTTP Basic authentication.

That second one certainly sounds very similar, but does anyone know for sure?


--
Keith Piepho                    kap@uakron.edu
Technical Services              (330) 972-6130
The University of Akron
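The advisory quoted above describes a buffer overflow in the server's handling of HTTP Basic Authentication, where credentials arrive as a base64 blob whose length the client controls. As an added illustration (not code from the advisory, from Netscape, or from this post), here is a bounds-checked parser for an "Authorization: Basic" header value in C: it caps the encoded length before decoding, checks every write against the capacity of the destination buffer, and fails closed on anything malformed. The MAX_B64_LEN limit, the function names and the sample credentials are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example: hypothetical bounds-checked Basic-auth parser, not
 * Netscape's code. MAX_B64_LEN is an assumed policy limit on the encoded
 * credential blob; real servers pick their own. */
#define MAX_B64_LEN 512

static int b64_val(int c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode base64 into out (capacity outcap). Returns the decoded length, or
 * -1 on malformed input or when the output would not fit. Never writes past
 * outcap: the missing check behind many fixed-buffer overflows. */
static int b64_decode(const char *in, size_t inlen, unsigned char *out, size_t outcap) {
    size_t outlen = 0;
    if (inlen % 4 != 0) return -1;
    for (size_t i = 0; i < inlen; i += 4) {
        int v[4], pad = 0;
        for (int j = 0; j < 4; j++) {
            char c = in[i + j];
            if (c == '=') {
                /* '=' is only legal in the last two slots of the final group */
                if (i + 4 != inlen || j < 2) return -1;
                pad++;
                v[j] = 0;
            } else {
                if (pad) return -1;            /* data after padding */
                v[j] = b64_val(c);
                if (v[j] < 0) return -1;
            }
        }
        unsigned char bytes[3];
        bytes[0] = (unsigned char)((v[0] << 2) | (v[1] >> 4));
        bytes[1] = (unsigned char)(((v[1] & 0x0f) << 4) | (v[2] >> 2));
        bytes[2] = (unsigned char)(((v[2] & 0x03) << 6) | v[3]);
        int n = 3 - pad;
        if (outlen + (size_t)n > outcap) return -1;   /* would overflow out */
        memcpy(out + outlen, bytes, (size_t)n);
        outlen += (size_t)n;
    }
    return (int)outlen;
}

/* Parse "Basic <base64(user:pass)>". Copies the user name and password into
 * caller-provided buffers with explicit capacities (NUL included).
 * Returns 0 on success, -1 on malformed, oversized or unsupported input. */
int parse_basic_auth(const char *header, char *user, size_t ucap,
                     char *pass, size_t pcap) {
    unsigned char decoded[MAX_B64_LEN];   /* decoded output is always shorter than input */
    if (header == NULL || strncmp(header, "Basic ", 6) != 0) return -1;
    const char *p = header + 6;
    while (*p == ' ') p++;
    size_t b64len = strlen(p);
    /* Length is attacker-controlled: reject before touching any buffer. */
    if (b64len == 0 || b64len > MAX_B64_LEN) return -1;
    int dlen = b64_decode(p, b64len, decoded, sizeof decoded);
    if (dlen < 0) return -1;
    if (memchr(decoded, '\0', (size_t)dlen) != NULL) return -1;  /* embedded NUL */
    const unsigned char *colon = memchr(decoded, ':', (size_t)dlen);
    if (colon == NULL) return -1;
    size_t ulen = (size_t)(colon - decoded);
    size_t plen = (size_t)dlen - ulen - 1;
    /* Each field must fit its destination including the terminator. */
    if (ulen >= ucap || plen >= pcap) return -1;
    memcpy(user, decoded, ulen);
    user[ulen] = '\0';
    memcpy(pass, colon + 1, plen);
    pass[plen] = '\0';
    return 0;
}

int main(void) {
    char u[32], pw[32];
    /* constructed sample: base64("alice:secret") */
    const char *hdr = "Basic YWxpY2U6c2VjcmV0";
    if (parse_basic_auth(hdr, u, sizeof u, pw, sizeof pw) == 0)
        printf("user=%s pass-length=%zu\n", u, strlen(pw));
    else
        printf("rejected\n");
    return 0;
}
```

The point of the capacity parameters is that the decoder and the field copy can each say no; a parser that decodes into a fixed stack buffer without consulting its size is the pattern the advisory's class of bug comes from.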
