CVE-2001-0419
CVSS 7.5
Published: 2001-07-02 00:00:00
Last revised: 2016-10-17 22:11:07

[Original] Buffer overflow in shared library ndwfn4.so for iPlanet Web Server (iWS) 4.1, when used as a web listener for Oracle application server 4.0.8.2, allows remote attackers to execute arbitrary commands via a long HTTP request that is passed to the application server, such as /jsp/.


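[CNNVD] Oracle Application Server ndwfn4.so remote buffer overflow vulnerability (CNNVD-200107-003)

        Oracle is a popular large-scale commercial database product.
        The shared library ndwfn4.so distributed with Oracle Application Server has a buffer overflow vulnerability; a remote attacker may be able to exploit it to execute arbitrary commands on the server.
        The library handles web requests passed to it by the iPlanet web server. If a request sent to the library is longer than approximately 2050 characters, a buffer overflow occurs. A request string can be constructed to trigger the overflow, which a remote attacker can use to execute arbitrary code.
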

- CVSS (base score)

CVSS score: 7.5 [HIGH]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

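- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0419
(official source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0419
(official source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200107-003
(official source) CNNVD

- Other links and resources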

http://marc.info/?l=bugtraq&m=98692227816141&w=2
(UNKNOWN)  BUGTRAQ  20010410 Oracle Application Server shared library buffer overflow
http://www.securityfocus.com/bid/2569
(VENDOR_ADVISORY)  BID  2569

- Vulnerability information

Oracle Application Server ndwfn4.so remote buffer overflow vulnerability
High risk  Boundary condition error
2001-07-02 00:00:00 2005-10-20 00:00:00
Remote
        

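- Advisories and patches

        Vendor patch:
        Oracle
        ------
        The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version:

        http://www.oracle.com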

- Vulnerability information (20747)

Oracle Application Server 4.0.8 .2 ndwfn4.so buffer overflow (EDBID:20747)
linux dos
2001-04-11 Verified
0 Fyodor Yarochkin
N/A
source: http://www.securityfocus.com/bid/2569/info

The shared library 'ndwfn4.so' that ships with Oracle Application Server is vulnerable to a buffer overflow. The library is used to handle web requests passed to it by the iPlanet web server. If the library is sent a request longer than approximately 2050 characters, it will overflow.

A request string could be constructed to trigger the overflow and allow a malicious remote user to execute unprivileged arbitrary code. No exploit is publicly available.

Assuming the OAS prefix is /jsp/ and the vulnerable host is 'victim', the following command issued by the attacker will cause the iWS to coredump:

perl -e 'print "GET /jsp/","A"x2050," HTTP/1.0\n\n"' | nc victim 80 		

- Vulnerability information

10885
iPlanet Web Server on Oracle ndwfn4.so HTTP Request Remote Overflow
Remote / Network Access Input Manipulation
Loss of Integrity Solution Unknown
Exploit Public Uncoordinated Disclosure

- Vulnerability description

- Timeline

2001-04-10 Unknown
Unknown Unknown

- Solution

OSVDB is not aware of a solution for this vulnerability.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Oracle Application Server ndwfn4.so buffer overflow
Boundary Condition Error 2569
Yes No
2001-04-11 12:00:00 2009-07-11 06:06:00
This vulnerability was discovered by Fyodor Yarochkin <fyodor@relaygroup.com> and made public in S.A.F.E.R. advisory 0016.

- Affected software versions

Oracle Application Server 4.0.8 .2

- Solution

Oracle has been notified by S.A.F.E.R., but currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Related references

 

 
