SWS Web Server recv() memory overwrite
| sws-webserver-recv-overwrite (10072) |  Medium Risk |
Description:
SWS Web Server could allow a remote attacker to cause heap data to be overwritten. If a remote attacker sends a specially malformed request to the Web server, the attacker could cause the recv() call to fail, which would overwrite one byte of memory. This vulnerability may be exploited to cause a denial of service or execute code on the vulnerable server.
Consequences:
Gain Access
Remedy:
No remedy available as of July 9, 2011.
References:
- BugTraq Mailing List, Tue Sep 03 2002 - 05:47:22 CDT : Re: SWS Web Server v0.1.0 Exploit.
- Linux Programlama Web site: SWS Web Server (Simple Web Server) (Süratli Web Sunucusu).
- BID-5660: SWS Simple Web Server Stack Corruption Vulnerability
- CVE-2002-1870: Simple Web Server (SWS) 0.0.4 through 0.1.0 does not properly handle when the recv function call fails, which may allow remote attackers to overwrite program data or perform actions on an uninitialized heap, leading to a denial of service and possibly code execution.
Platforms Affected:
- M.Ali VARDAR and Her Hakk Sakldr SWS Web Server 0.1.0
Reported:
Sep 03, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net