SIG^2 Vulnerability Research Advisory

Buffer overflow in Ultra Mini Httpd Server

by Tan Chew Keong
Release Date: 5 Aug 2004

Summary

Ultra Mini Httpd is an HTTP server released by Dip.PicoLix for Windows platforms. It is small, easy to configure, and supports CGI. Ultra Mini Httpd version 1.21 has a buffer overflow vulnerability that may be exploited to crash the server or to execute arbitrary code.

 
Tested System

Ultra Mini Httpd Version 1.21 on English Win2K SP4

 
Details

Ultra Mini Httpd version 1.21 has a buffer overflow vulnerability that may be exploited to crash the server or to execute arbitrary code. The vulnerability is triggered by sending an HTTP GET or POST request with an abnormally long URL.

For example,

GET AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA[approx. 1450]....\r\n\r\n

The OllyDbg screen capture shows that EIP was overwritten when an abnormally long URL was supplied with the GET command.

 
POC Exploit

Proof-of-concept exploit code can be downloaded here.

 
Patch

The author has fixed this vulnerability in version 1.221. Users are advised to upgrade to the fixed version.
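
The class of fix for an overflow like this is a length check on the URL before it is copied into a fixed-size buffer. The following request-line parser is an added example, not code from Ultra Mini Httpd or from the author's fix; the function names, the status enum and the 1024-byte URL limit are assumptions, and only the GET and POST methods named in this advisory are accepted.

```c
#include <stddef.h>
#include <string.h>

#define MAX_METHOD 8     /* assumed limit: method plus NUL */
#define MAX_URL    1024  /* assumed limit: URL plus NUL */

/* Status the server should answer with (names are hypothetical). */
enum { REQ_OK = 200, REQ_BAD = 400, REQ_URI_TOO_LONG = 414 };

/* Parse "METHOD SP URL [SP VERSION] CRLF" from req[0..len). Lengths are
 * checked before any copy, so an oversized token never reaches a buffer. */
int parse_request_line(const char *req, size_t len,
                       char method[MAX_METHOD], char url[MAX_URL])
{
    size_t i = 0, start, ulen;
    while (i < len && req[i] != ' ' && req[i] != '\r' && req[i] != '\n')
        i++;                                  /* method token */
    if (i == 0 || i >= MAX_METHOD || i == len || req[i] != ' ')
        return REQ_BAD;
    memcpy(method, req, i);
    method[i] = '\0';
    if (strcmp(method, "GET") != 0 && strcmp(method, "POST") != 0)
        return REQ_BAD;

    start = ++i;
    while (i < len && req[i] != ' ' && req[i] != '\r' && req[i] != '\n')
        i++;                                  /* URL token */
    ulen = i - start;
    if (ulen >= MAX_URL)                      /* no room for URL + NUL */
        return REQ_URI_TOO_LONG;
    if (ulen == 0 || i == len)                /* empty or unterminated */
        return REQ_BAD;
    memcpy(url, req + start, ulen);
    url[ulen] = '\0';
    return REQ_OK;
}

/* Constructed input: "GET " + n bytes of 'A' + CRLF CRLF, as in the advisory. */
int status_for_url_of_length(size_t n)
{
    static char req[4096];
    char method[MAX_METHOD], url[MAX_URL];
    if (n + 8 > sizeof req)
        return REQ_BAD;
    memcpy(req, "GET ", 4);
    memset(req + 4, 'A', n);
    memcpy(req + 4 + n, "\r\n\r\n", 4);
    return parse_request_line(req, 4 + n + 4, method, url);
}
```

A request of the size shown in the Details section is answered with 414 and nothing is written to the URL buffer; the boundary cases at 1023 and 1024 bytes show the room kept for the terminating NUL.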

 
Disclosure Timeline

29 Jul 04 - Vulnerability Discovered
29 Jul 04 - Initial Author Notification
01 Aug 04 - Second Author Notification
02 Aug 04 - Author replied with fixed version (upgrade to version 1.221)
05 Aug 04 - Public Release

 

Contacts

For further questions and enquiries, email the following.

Overall-in-charge: Tan Chew Keong


Updated: 5/8/2004
webmaster@security.org.sg