Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » NetSuite 1.02 Web Server Vulnerability

NetSuite 1.02 Web Server Vulnerability

by Phiber on February 19th, 2001 A web server available from MobyDisk website has a buffer overflow bug.
This is acomplished by sending more than 200 characters.

Example:
http://www.NetSuite_web_Server_site.com/[200 a's]


Discovered by : Xatrix Security (17/02/2001)

http://www.xatrix.org



Vulnerable Server: Moby Netsuite Web Server

Infected Version: 1.02

Vendor Conacted: YES

~~~~~~~~~~~~~~~~~~~



Description:

- Moby Netsuite web server is a free web server for win 9x/NT

which can be downloaded from http://www.mobydisk.com.

It supports CGI scripting and it is easly configurable.



Impact:

- By sending more than 200 charachters it can be crashed ...

(Windows kernel will report that NetSuite has caused an unknown error :)





Example:

www.SITE.com/ [ more than 200 a's]



Solution: Wait for new version of NeSuite web server or a patch.





[ EOF - 18/02/2001 ]



Regards,

-----------------------------------

- Phiber

"Security is completly theoretical"

Xatrix Security, http://xatrix.org


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »