
iPlanet/Netscape Enterprise Web Publisher Buffer Overflow

    iPlanet/Netscape Enterprise Web Publisher


    Netscape Enterprise 4.1 and prior versions.


    Riley Hassell from eEye found the following. The Web Publisher
    feature in Netscape Enterprise 4.1 is vulnerable to a buffer
    overflow. By sending a large buffer containing executable code
    and a new instruction pointer, an attacker is able to gain remote
    system shell access to the vulnerable server.

    The overflow itself exists in Publisher's handling of the URI
    (Uniform Resource Identifier). By specifying GETPROPERTIES,
    GETATTRIBUTENAMES, or any other one of the Publisher-specific
    methods, we can pass data into the vulnerable section of the
    server and exploit the vulnerability.


        C:\>telnet www.example.com 80
        Connecting To www.example.com... connected.
        GETPROPERTIES /(buffer) HTTP/1.1
        Host: Hostname

    Where (buffer) is 2000 characters.

    There is no proof-of-concept exploit yet; however, expect one soon.
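
    Added example, not part of the original advisory: a defender-side
    check that classifies HTTP request lines (for instance the request
    field of an access log) and flags Publisher methods carrying an
    overlong URI. The 1024-character threshold, the verdict names and
    the sample lines are assumptions made for this example.

```python
import re

# Methods named in the advisory; it says other Publisher-specific methods
# are affected too but does not list them.
PUBLISHER_METHODS = {"GETPROPERTIES", "GETATTRIBUTENAMES"}
# Standard HTTP/1.1 methods (RFC 2616). Any other method is reported as
# "nonstandard" so unlisted Publisher methods are not missed (assumption).
STANDARD_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE",
                    "OPTIONS", "TRACE", "CONNECT"}
# Assumed alert threshold; the advisory's test request used 2000 characters.
MAX_URI_LEN = 1024
REQUEST_LINE = re.compile(r"^([A-Za-z]+) (\S+) HTTP/\d\.\d$")


def classify(request_line, max_uri_len=MAX_URI_LEN):
    """Return a verdict string for one HTTP request line."""
    m = REQUEST_LINE.match(request_line.strip())
    if m is None:
        return "malformed"
    method, uri = m.group(1).upper(), m.group(2)
    long_uri = len(uri) > max_uri_len
    if method in STANDARD_METHODS:
        return "long-uri" if long_uri else "ok"
    kind = "publisher" if method in PUBLISHER_METHODS else "nonstandard"
    return f"{kind}-long-uri" if long_uri else f"{kind}-method"


def scan(request_lines):
    """Return (line_number, verdict) for every line that is not 'ok'."""
    findings = []
    for number, line in enumerate(request_lines, start=1):
        verdict = classify(line)
        if verdict != "ok":
            findings.append((number, verdict))
    return findings


# Constructed sample request lines (not taken from a real log).
SAMPLE = [
    "GET /index.html HTTP/1.0",
    "GETPROPERTIES /docs/report.html HTTP/1.1",
    "GETPROPERTIES /" + "x" * 2000 + " HTTP/1.1",
    "GETATTRIBUTENAMES /" + "x" * 2000 + " HTTP/1.1",
    "FOOBAR /" + "x" * 2000 + " HTTP/1.1",
    "GET /" + "x" * 2000 + " HTTP/1.1",
    "GETPROPERTIES /a b HTTP/1.1",
]

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE):
        print(number, verdict)
```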


    Quote from iPlanet's development team: "The security & stability
    of iPlanet's customer's environments is one of our paramount
    concerns. To ensure the stability of our customer's environments
    iPlanet has made available an NSAPI patch that can be applied to
    iPlanet Web Server, Enterprise Edition."

    The NSAPI patch is available at:


    This issue will also be addressed by the release of iPlanet Web
    Server, Enterprise Edition version 4.1 Service Pack 8.
