4D webserver buffer overflow

3rd May 2002 [SBWID-5329]

COMMAND

	4D webserver buffer overflow

SYSTEMS AFFECTED

	4D Webserver version 6.7.3

PROBLEM

	Patrik Karlsson & Jonas Lendin [http://www.cqure.net/advisories/]
	said:

	An attacker could overflow the username or password field in a basic
	authentication resulting in EIP overwrite and possible arbitrary code
	execution. There are a few checks of the buffer, including a check to
	make sure only "valid" characters are sent. If "invalid" characters
	are found the copy is terminated.

SOLUTION

	Upgrade to the latest version, either 4D 6.7.4 or 4D 6.8.1.
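
	The PROBLEM text describes a credential copy that is guarded by a character check rather than a length check. As an added illustration (not 4D's code and not part of the cqure.net advisory), this C code parses a Basic Authorization value with a bounds check before every write and rejects malformed or oversized input instead of copying what it has seen so far. `CRED_MAX`, `b64val`, `b64decode` and `parse_basic_auth` are names and limits assumed here.

```c
#include <string.h>

#define CRED_MAX 64   /* assumed per-field limit; not a value from the advisory */

/* Map one base64 character to its 6-bit value, or -1 if outside the alphabet. */
static int b64val(unsigned char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode base64 into out (capacity cap); -1 if malformed or it would not fit. */
static long b64decode(const char *in, unsigned char *out, size_t cap) {
    size_t n = strlen(in), o = 0;
    unsigned acc = 0; int bits = 0;
    while (n > 0 && in[n - 1] == '=') n--;          /* strip trailing padding */
    for (size_t i = 0; i < n; i++) {
        int v = b64val((unsigned char)in[i]);
        if (v < 0) return -1;                        /* reject; do not stop and keep a partial copy */
        acc = (acc << 6) | (unsigned)v; bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (o >= cap) return -1;                 /* length check before every write */
            out[o++] = (unsigned char)(acc >> bits);
            acc &= (1u << bits) - 1;
        }
    }
    return (long)o;
}

/* Parse an Authorization header value ("Basic <base64>") into fixed buffers.
 * Returns 0 on success, -1 on malformed or oversized input. Scheme match is case-sensitive here. */
int parse_basic_auth(const char *value, char user[CRED_MAX + 1], char pass[CRED_MAX + 1]) {
    unsigned char buf[2 * CRED_MAX + 1];             /* user + ':' + pass */
    if (strncmp(value, "Basic ", 6) != 0) return -1;
    long len = b64decode(value + 6, buf, sizeof buf);
    if (len < 0) return -1;
    unsigned char *colon = memchr(buf, ':', (size_t)len);
    if (!colon) return -1;
    size_t ulen = (size_t)(colon - buf), plen = (size_t)len - ulen - 1;
    if (ulen > CRED_MAX || plen > CRED_MAX) return -1;   /* per-field bound */
    if (memchr(buf, '\0', (size_t)len)) return -1;   /* embedded NUL would desync lengths */
    memcpy(user, buf, ulen); user[ulen] = '\0';
    memcpy(pass, colon + 1, plen); pass[plen] = '\0';
    return 0;
}
```

	The caller treats any -1 as a failed authentication (HTTP 401) and never uses the output buffers in that case.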
