[26161] in bugtraq
Re: MFC ISAPI Framework Buffer Overflow
daemon@ATHENA.MIT.EDU (Chris Wysopal)
Fri Jul 12 22:25:18 2002
Date: 12 Jul 2002 23:52:11 -0000
Message-ID: <20020712235211.4776.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Chris Wysopal <cwysopal@atstake.com>
To: bugtraq@securityfocus.com
In-Reply-To: <001901c228f4$c963fe20$e62d1c41@kc.rr.com>

BadBlue (and all vendors who wrote ISAPI extensions with MFC) should
recompile with Visual Studio 6.0 SP4 or later. There were serious
problems with many ISAPI extensions built with earlier versions of the MFC
libraries.

2 problems are documented in Microsoft KB articles:

ISAPI DLLs That Are Built with MFC Static Libraries Are Vulnerable to
Denial of Service Attacks (Q310649)
http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q310649

and

FIX: Access Violation in MFC ISAPI with Large Query String (Q216562)
http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q216562

-Chris

>Systems Affected: All ISAs written using MFC ISAPI framework
>Issue: User-input length values can result in a buffer overflow.
>Risk: Critical
>Scope: Remote Server Compromise
>
>The MFC ISAPI framework is widely used to build ISAs that
>run on a multitude of web servers.
>
>It has been discovered that the framework relies on user-input
>values for request member lengths, making it prone to a buffer
>overrun attack.
>
>When I downloaded my copy of the BadBlue PWS and began
>to test its bizarre "ext.dll" module for vulnerabilities, I found that
>a specially malformed POST request: