Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Servers :: web5329.htm

4D webserver buffer overflow



3rd May 2002 [SBWID-5329]
COMMAND

	4D webserver buffer overflow

SYSTEMS AFFECTED

	4D Webserver version 6.7.3

PROBLEM

	Patrik Karlsson &  Jonas  Lendin  [http://www.cqure.net/advisories/]
	said :
	

	An attacker could overflow the username or password  field  in  a  basic
	authentication resulting in EIP overwrite and  possible  arbitrary  code
	execution. There are a few checks of the buffer, including  a  check  to
	make sure only \"valid\" characters are sent. If \"invalid\"  characters
	are found the copy is terminated.
	

	

SOLUTION

	Upgrade to the latest version, either 4D 6.7.4 or 4D 6.8.1.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH