Vulnerability

    WebBBS

Affected

    WebBBS HTTP Server v1.15

Description

    Following is based on Delphis Consulting Security Team Advisories.
    Delphis Consulting Internet  Security Team (DCIST)  discovered the
    following vulnerabilities in  WebBBS under Windows  NT.  By  using
    the  Webserver  which  is  shipped  and  installed by default with
    WebBBS it is  possible to cause  a BufferOverRun in  WebBBS.  This
    is  done  be  connecting  to  port  80  (WebBBS) which the service
    resides on by  default and sending  a large filename.   The string
    has to be  a length of  227 + EIP  (4 bytes making  a total of 231
    bytes).  This  will cause the  above application to  BufferOverRun
    over  writing  EIP.   This  would  allow  an  attacker  to execute
    arbitrary code.

    By using the Webserver which  is shipped and installed by  default
    with WebBBS  it is  possible to  cause a  BufferOverRun in WebBBS.
    This is done be connecting  to port 80 (WebBBS) which  the service
    resides on  by default  and sending  a large  get statements  (the
    Logon screen is a  good example).  The  string has to be  a length
    of 545 +  EIP (4 bytes  making a total  of 549 bytes).   This will
    cause the  above application  to BufferOverRun  over writing  EIP.
    This would allow an attacker to execute arbitrary code.

Solution

    These has been resolved in v1.17.