[25850] in bugtraq
4D 6.7 DOS and Buffer Overflow Vulnerability
daemon@ATHENA.MIT.EDU (Alfred Goldberg)
Tue Jun 18 15:03:38 2002
From: "Alfred Goldberg" <agoldberg@absoluteitsolutions.com>
To: <bugtraq@securityfocus.com>
Date: Tue, 18 Jun 2002 12:59:54 -0400
Message-ID: <LEEELBOCGJOJKEJJHHKCCEPKCFAA.agoldberg@absoluteitsolutions.com>
Vulnerability Summary
---------------------
Problem: The 4D 6.7 webserver has a buffer overflow condition.
Threat: An attacker could make the webserver crash and possibly execute
arbitrary code.
Affected Software: 4D Webserver version 6.7.3 verified.
Platform: Windows verified.
Solution: Update to the version mentioned below.

Vulnerability Description
-------------------------
4D is unable to handle long HTTP requests. The buffer is overflowed and the
4D application terminates as a result.

Solution
--------
4D 6.8 seems to have addressed this problem.
Additional Information
----------------------
4D was contacted 20020606 but returned no reply.
This vulnerability was found and researched by
Dumitru Vlad
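
Where a 4D 6.7 server cannot be upgraded yet, a filtering front end can cap request size before anything reaches it. The following is an added example, not code from the advisory or from 4D; the function name `screen_request` and both limits are assumptions, since the advisory does not state the request length that triggers the crash.

```c
#include <stddef.h>
#include <string.h>

/* Both caps are assumptions for this example; tune them for the deployment. */
#define MAX_REQUEST_LINE 8192
#define MAX_HEADER_BLOCK 32768

enum verdict { NEED_MORE = 0, ACCEPT = 200, BAD_REQUEST = 400,
               URI_TOO_LONG = 414, HEADERS_TOO_LARGE = 431 };

/* Inspect the bytes received so far from a client, in place, without copying
 * them into any fixed-size buffer. Returns the verdict a proxy should act on:
 * keep reading, forward to the back end, or reject with the given status. */
enum verdict screen_request(const unsigned char *buf, size_t len)
{
    const unsigned char *eol = memchr(buf, '\n', len);
    size_t line_len = eol ? (size_t)(eol - buf) + 1 : len;

    /* Reject as soon as the request line exceeds the cap, even if unfinished. */
    if (line_len > MAX_REQUEST_LINE)
        return URI_TOO_LONG;
    if (!eol)
        return NEED_MORE;

    /* NUL and other control bytes are never valid in a request line. */
    for (size_t i = 0; i + 1 < line_len; i++)
        if (buf[i] < 0x20 && buf[i] != '\r' && buf[i] != '\t')
            return BAD_REQUEST;

    /* Find the blank line (CRLF CRLF or LF LF) that ends the header block. */
    for (size_t i = line_len - 1; i < len; i++) {
        if (buf[i] != '\n')
            continue;
        size_t next = i + 1;
        if (next < len && buf[next] == '\r')
            next++;
        if (next < len && buf[next] == '\n')
            return next + 1 > MAX_HEADER_BLOCK ? HEADERS_TOO_LARGE : ACCEPT;
    }
    /* Headers still open: stop reading once they outgrow the cap. */
    return len > MAX_HEADER_BLOCK ? HEADERS_TOO_LARGE : NEED_MORE;
}
```

Rejections returned by a check like this are also worth logging, since repeated 414 or 431 verdicts from one client are a sign of probing for this class of bug.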