Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » NISR18022002: Netwin Webnews Buffer Overflow Vulnerability

NISR18022002: Netwin Webnews Buffer Overflow Vulnerability

by Nikola Strahija on February 20th, 2002 Netwin's WebNews contains a remotely exploitable buffer overrun that allows the execution of arbitrary code. Name: Netwin Webnews.exe Systems Affected: IIS4 & IIS5 on Windows NT/2000 Severity: High Risk


Description
***********
WebNEWS is a server side application (cgi) which provides users with web
based access to Internet News Groups. It is compatible with any standard
NNTP (Network News) server system. WebNews allows news groups to be
displayed, accessed and searched via a web-based interface. WebNews may be
used to provide a web based news service, similar to the popular Deja News
Services. Providing Web access to news gives users access to their news from
anywhere on the net. All they need is a web browser.

Details
*******
Webnews.exe is the main executable that provides the program's
functionality. The buffer overflow problem manifests itself when an overly
long string (c. 1500 bytes) is supplied in the group parameter of the query
string when the server receives a vaild "utoken". The "utoken" is the user
token supplied by the server for a given session.

In terms of an attack, any code executed will run in the security context of
the low privileged account used by IIS to service such requests so won't
have full control over the system. That said, it is imperative that this be
addressed as it allows an attacker greater access to the vulnerable system
and other machines behind the firewall on the same DMZ.


Fix Information
***************
NGSSoftware alerted Netwin to these problems on the 11th of February who
responded quickly with a patch. This patch was made available on the 14th
February 2002, and can be downloaded from
ftp://netwinsite.com/pub/webnews/beta/

A check for this issue has been added to Typhon II, of which more
information is available from the NGSSoftware website,
http://www.ngssoftware.com.

Further Information
*******************
For further information about the scope and effects of buffer overflows,
please see

http://www.ngssoftware.com/papers/ntbufferoverflow.html
http://www.ngssoftware.com/papers/bufferoverflowpaper.rtf
http://www.ngssoftware.com/papers/unicodebo.pdf


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »