> RedTeam Pentesting believes it is
> also possible to exploit this vulnerability to execute code on the
> server.
>
> Can't you open a debugger ?
>
> Proof of Concept
> ================
>
> The following command can be used to crash the server if it is called
> multiple times:
>
> $ curl -i
> "http://gncaster.example.com:1234/`perl -e
> 'printf "A"x988'`"
>
>
> Jeremy's back yo !
>
> Workaround
> ==========
>
> A vulnerable server could be protected from this vulnerability by an
> application layer firewall that filters overly long HTTP GET requests.
>
>
> Fix
> ===
>
> Update GNCASTER to version 1.4.0.8.
>
>
> Security Risk
> =============
>
> This vulnerability can be used for very efficient DoS attacks. This is
> especially serious as GNCaster is a real time application that is
> typically used by multiple mobile clients that rely on a functioning
> server. The vulnerability could potentially also be leveraged to remote
> code execution on the server. The risk is therefore regarded as high.
>
>
> History
> =======
>
> 2009-07-06 Vulnerability identified during a penetration test
> 2009-07-14 Meeting with customer
> // 8 days later, wtf ?!?
> 2009-12-01 Vendor releases fixed version
> 2010-01-27 Advisory released
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
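The workaround quoted in the advisory (filtering overly long HTTP GET requests in front of the server) could look like the following check on the request line. This is an added example, not code from the advisory, the vendor or the poster; the 256-byte limit and all function names are assumptions, and it only accepts HTTP-style request lines.

```python
import io

# Assumed limits: the advisory only shows that a 988-byte path is enough
# to crash an unpatched server, so pick the longest path you really serve.
MAX_TARGET_LEN = 256
MAX_LINE_LEN = MAX_TARGET_LEN + 32   # method + target + version + CRLF


def screen_request_line(stream):
    """Read one request line from a binary stream and classify it.

    Returns (verdict, line) where verdict is "forward", "414" (request
    target too long) or "400" (malformed). At most MAX_LINE_LEN + 1 bytes
    are read, so the filter cannot be made to buffer an unbounded line.
    """
    line = stream.readline(MAX_LINE_LEN + 1)
    if not line.endswith(b"\n"):
        # Either the cap was hit before a newline, or the peer stopped early.
        return ("414" if len(line) > MAX_LINE_LEN else "400", line)
    parts = line.rstrip(b"\r\n").split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return ("400", line)
    _method, target, _version = parts
    if len(target) > MAX_TARGET_LEN:
        return ("414", line)
    return ("forward", line)


def screen_bytes(raw):
    """Convenience wrapper for tests and offline replay of captured bytes."""
    return screen_request_line(io.BytesIO(raw))[0]


if __name__ == "__main__":
    # Constructed sample requests (not captured traffic).
    samples = {
        "normal mountpoint": b"GET /MOUNT1 HTTP/1.0\r\n",
        "988-byte path": b"GET /" + b"A" * 988 + b" HTTP/1.1\r\n",
        "260-byte path": b"GET /" + b"A" * 259 + b" HTTP/1.0\r\n",
        "truncated line": b"GET /x",
        "not a request line": b"garbage\r\n",
    }
    for name, raw in samples.items():
        print(f"{name:20s} -> {screen_bytes(raw)}")
```

With a real connection the same function can be fed `sock.makefile("rb")`, and only requests with a "forward" verdict are relayed to the backend.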
