[30523] in bugtraq
Re: Remote Buffer Overrun WebAdmin.exe
daemon@ATHENA.MIT.EDU (David A. =?iso-8859-1?Q?P=E9rez?=)
Tue Jun 24 19:58:35 2003
Date: Tue, 24 Jun 2003 22:31:48 +0100
From: "David A. =?iso-8859-1?Q?P=E9rez?=" <david@kamborio.com>
To: bugtraq@securityfocus.com
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Message-ID: <WorldClient-F200306242231.AA31480000@kamborio.net>
In-Reply-To: <0ae801c33a9f$14a90c60$1b01010a@r00t3d.net>
X-MDaemon-Deliver-To: bugtraq@securityfocus.com
Reply-To: david@kamborio.com
> NGSSoftware Insight Security Research Advisory
>
> Name: Remote System Buffer Overrun WebAdmin.exe
> Systems Affected: Windows
> Severity: High Risk
> Category: Buffer Overrun
> Vendor URL: http://www.altn.com/
> Author: Mark Litchfield (mark@ngssoftware.com)
> Date: 24th June 2003
> Advisory number: #NISR2406-03
I've been making a few tests using WebAdmin 2.0.3 running under IIS (WebAdmin.dll)
On my tests, I haven't been able to exploit this issue beyond the scope of a Denial of Service. The Active Server Pages
service just reboots itself and two entries are added to the event log:
Application Log:
Event Type: Information
Event Source: Active Server Pages
Event Category: None
Event ID: 3
Date: 24/06/2003
Time: 22:19:16
User: N/A
Computer: XXX
Description:
Service started.
System Log:
Event Type: Warning
Event Source: W3SVC
Event Category: None
Event ID: 37
Date: 24/06/2003
Time: 22:17:33
User: N/A
Computer: XXX
Description:
Out of process application '/LM/W3SVC/3/Root/WebAdmin' terminated unexpectedly.
For additional information specific to this message please visit the Microsoft Online Support site located at:
http://www.microsoft.com/contentredirect.asp.
David A. Pérez
