Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Multiple Remote Buffer Overruns TOMAHAWKS' STEELARROW

Multiple Remote Buffer Overruns TOMAHAWKS' STEELARROW

by Nikola Strahija on August 19th, 2002 SteelArrow is an easy to use Web Application Server offering the latest in Internet connectivity and dynamic content development. SteelArrow offers developers full web application development functionality and fully tested run time reliability. Steelarrow operates as an extension (on WinNT/2K) to Microsoft IIS, Apache and Netscape Enterprise servers.


Details
*******

Buffer Overrun 1)

SteelArrow tracks user sessions with cookies in the form of
UserIdent=XXXXXXXXXXXX. By supplying an overly long vlaue in the Cookie
HTTP header a buffer overflow occurs in the Steelarrow Service
(Steelarrow.exe) overwriting a saved return address on the stack.
Steelarrow, by default on Win2k/WinNT is installed as a system service. Any
arbitary code executed using this vulnerability will run with system
privileges.

Buffer Overrun 2)

By making an overly long request for a .aro (extension used by Steelarrow)
file, an access violation occurs in DLLHOST.EXE (Steelarrow.dll), again
overwriting a saved return address on the stack. Any code will execute in
the security context of the IWAM account.

Buffer Overrun 3)

It's that Chunked Transfer-Encoding issue again. By making a request for a
.aro file an including a specific Transfer-Encoding: Chunked request within
the HTTP request header fields and access violation occurs in DLLHOST.EXE
due to a heap overflow. Again any arbitary code execution will run in the
context of the IWAM account.

Fix Information
***************
NGSSoftware alerted the vendor to these buffer overflow issues on the 1st
2nd and 3rd of April 2002. A fix is available from
http://www.steelarrow.com

A check for these issues has been added to Typhon II, of which more
information is available from the
NGSSoftware website, http://www.ngssoftware.com.

Further Information
*******************

For further information about the scope and effects of buffer overflows,
please see

http://www.ngssoftware.com/papers/non-stack-bo-windows.pdf
http://www.ngssoftware.com/papers/ntbufferoverflow.html
http://www.ngssoftware.com/papers/bufferoverflowpaper.rtf
http://www.ngssoftware.com/papers/unicodebo.pdf





Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »