[14753] in bugtraq
Buffer overflows in Skyline/SpinBox client
daemon@ATHENA.MIT.EDU (Tollef Fog Heen)
Tue May 2 19:30:29 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <87u2gjp7v1.fsf@tfh-bb.ft.dep.no>
Date: Mon, 1 May 2000 00:00:18 +0200
Reply-To: Tollef Fog Heen <tfheen@OPERA.NO>
From: Tollef Fog Heen <tfheen@OPERA.NO>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
There are some buffer overflows in SpinBox/1.1 (from the
spin_server.conf).
SpinBox is an SSI/cgi-tool used by advertisement companies, made by
Skyline.
Since this is closed source software, I can't post the sources. The
buffer overflows are mostly in the query string (strcat and strcpy
instead of strncat and strncpy).
The cgi-bin will usually run with an uid of nobody (most Unices) or
www-data (Debian), so depending on configuration the severity might
be none to possible defacing of web sites.
If you use the SpinBox client (our ad provided is uniquemedia.net,
thanks to them for providing sources and in general being helpful
and responsive) with a version number less than 1.1, or haven't been
notified in the last three weeks, you are vulnerable.
Vendor is notified about three weeks ago.
--
Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.
