COMMAND

4D webserver buffer overflow

SYSTEMS AFFECTED

4D Webserver version 6.7.3

PROBLEM

Patrik Karlsson & Jonas Lendin [http://www.cqure.net/advisories/] said:

An attacker could overflow the username or password field in a basic authentication resulting in EIP overwrite and possible arbitrary code execution. There are a few checks of the buffer, including a check to make sure only "valid" characters are sent. If "invalid" characters are found the copy is terminated.

SOLUTION

Upgrade to the latest version, either 4D 6.7.4 or 4D 6.8.1.
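Character validation of the kind the PROBLEM section mentions does not by itself bound a copy. The following is an added example, not 4D's code and not from the advisory, of a Basic authentication parser that rejects over-long credentials before any copy into fixed-size fields. The names parse_basic_auth and b64_decode, the CRED_MAX limit and the sample header are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define CRED_MAX 64   /* assumed per-field capacity, including the NUL */

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Decode Base64 into out (capacity cap). Returns the decoded length, or -1
   on an invalid character or when the output would not fit in cap bytes. */
static int b64_decode(const char *in, unsigned char *out, size_t cap) {
    size_t n = 0; unsigned acc = 0; int bits = 0;
    for (; *in && *in != '='; in++) {
        const char *p = strchr(B64, *in);
        if (!p) return -1;
        acc = (acc << 6) | (unsigned)(p - B64);
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n >= cap) return -1;          /* bound checked before the write */
            out[n++] = (unsigned char)(acc >> bits);
        }
    }
    return (int)n;
}

/* Parse an Authorization header value ("Basic <base64 of user:pass>") into
   fixed-size buffers. Returns 0 on success, -1 if the request is rejected. */
int parse_basic_auth(const char *hdr, char user[CRED_MAX], char pass[CRED_MAX]) {
    unsigned char buf[2 * CRED_MAX];          /* room for user + ':' + pass + NUL */
    if (strncmp(hdr, "Basic ", 6) != 0) return -1;
    int n = b64_decode(hdr + 6, buf, sizeof buf - 1);
    if (n < 0) return -1;
    buf[n] = '\0';
    for (int i = 0; i < n; i++)               /* reject NUL and control bytes */
        if (buf[i] < 0x20 || buf[i] == 0x7f) return -1;
    char *colon = strchr((char *)buf, ':');
    if (!colon) return -1;
    size_t ulen = (size_t)(colon - (char *)buf);
    size_t plen = (size_t)n - ulen - 1;
    if (ulen >= CRED_MAX || plen >= CRED_MAX) return -1;  /* length, then copy */
    memcpy(user, buf, ulen);      user[ulen] = '\0';
    memcpy(pass, colon + 1, plen); pass[plen] = '\0';
    return 0;
}

int main(void) {
    char u[CRED_MAX], p[CRED_MAX];
    /* constructed sample header: Base64 of "user:pass" */
    return parse_basic_auth("Basic dXNlcjpwYXNz", u, p) == 0 ? 0 : 1;
}
```

Rejected requests are worth logging with the decoded length, since credential fields far beyond any plausible size are a useful signal on servers still running 6.7.3.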