![[LWN Logo]](/images/lcorner.png)
![[LWN.net]](/images/Included.png)
|
|
|
|
From: "Tamer Sahin" <ts@securityoffice.net> To: <bugtraq@securityfocus.com> Subject: Pi3Web Webserver v2.0 Buffer Overflow Vulnerability Date: Mon, 14 Jan 2002 01:00:39 +0200 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pi3Web Webserver v2.0 Buffer Overflow Vulnerability Type: DoS, crashes Daemon Release Date: January 14, 2002 Product / Vendor: Pi3Web is a free, multithreaded, highly configurable and extensible HTTP server and development environment for cross platform internet server development and deployment. http://pi3web.sourceforge.net Summary: Server crashes after sending very long cgi parameter a few times. http://host/cgi-bin/hello.exe.....<224 char>...... The instruction at "0x77fcc1df" referenced memory at "0x009946c0". The memory could not be "read". Tested: Windows 2000 / PiWeb v2.0 Vulnerable: Pi3Web v2.0 (And may be other) Disclaimer: http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory. Author: Tamer Sahin ts@securityoffice.net http://www.securityoffice.net Tamer Sahin http://www.securityoffice.net PGP Key ID: 0x2B5EDCB0 Fingerprint: B96A 5DFC E0D9 D615 8D28 7A1B BB8B A453 2B5E DCB0 -----BEGIN PGP SIGNATURE----- Version: PGP 7.1 iQA/AwUBPEIRlruLpFMrXtywEQLrmwCeKWYcTxIlPERxzY+jA8m3v/boFXAAn1En AuKA4zylpjqVVkGZdHiuILSt =zVHB -----END PGP SIGNATURE-----