Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web BBS :: etc :: webbbs2.htm

WebBBS - New vulnerabilities



    WebBBS v1.17


    Following  is  based  on  Delphis  Consulting  Plc  Security  Team
    Advisories.  WebBBS fixed a  number of bugs which were  referenced


    however on release of  the new version (19/06/2000)  DCIST audited
    the new version and indeed the issues they released were resolved.
    However  DCIST  discovered  the  following  new vulnerabilities in
    WebBBS under Windows NT.

    By using  a overly  long string  on the  search file system option
    page it  is possible  to cause  a Denial  of Service.   The reason
    this is  a Denial  of Service  rather than  a BufferOverrun (which
    indeed it  does cause)  is that  the EIP  is seemingly random when
    overwrriten (i.e. not byte perfect).

    By  using  the  New  user  sign  up  form shipped and installed as
    standard by WebBBS is possible to cause a BufferOverRun in WebBBS.
    This is done be connecting  to port 80 (WebBBS) which  the service
    resides on by  default and  sending a username.  The username  has
    to be a length of 892 + EIP (4 bytes making a total of 896 bytes).
    This  will  cause  the  above  application  to  BufferOverRun over
    writing EIP.   This would allow  an attacker to  execute arbitrary


    Currently there is no vendor patch available but the following are
    preventative measures  Delphis Consulting  Internet Security  Team
    would advise users running this service to implement.

        o Remove new user sign up
        o Remove filesystem search

    This will be dealt with once  a code audit have been completed  to
    erase any other  areas we have  not highlighted to  them which may
    also be effected.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH