COMMAND

	Netwin\'s WebNews remotely exploitable buffer overrun

SYSTEMS AFFECTED

	current stable version

PROBLEM

	In NGSSoftware Insight Security Research Advisory :
	

	WebNEWS is a server side application (cgi)  which  provides  users  with
	web based access to Internet News Groups.  It  is  compatible  with  any
	standard NNTP (Network News) server system. WebNews allows  news  groups
	to be displayed,  accessed  and  searched  via  a  web-based  interface.
	WebNews may be used to provide a web based news service, similar to  the
	popular Deja News Services. Providing Web access  to  news  gives  users
	access to their news from anywhere on the net. All they need  is  a  web
	browser.
	

	

	Webnews.exe  is  the  main  executable  that  provides  the   program\'s
	functionality. The buffer overflow  problem  manifests  itself  when  an
	overly long string (c. 1500 bytes) is supplied in  the  group  parameter
	of the query string when the server receives  a  vaild  \"utoken\".  The
	\"utoken\" is the  user  token  supplied  by  the  server  for  a  given
	session.
	

	In terms of an attack, any  code  executed  will  run  in  the  security
	context of the low privileged  account  used  by  IIS  to  service  such
	requests so won\'t have full control over the system. That said,  it  is
	imperative that this be addressed  as  it  allows  an  attacker  greater
	access to the vulnerable system and other machines behind  the  firewall
	on the same DMZ.
	

	

SOLUTION

	Download patch from
	

	ftp://netwinsite.com/pub/webnews/beta/