Durian Web Application Server request handling buffer overflow

durian-web-bo (31161) The risk level is classified as High Risk

Description:

Durian Web Application Server is vulnerable to a buffer overflow, caused by improper handling of requests sent to port 4002. By sending a specially crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.

Platforms Affected:

  • Mozilla, Durian Web Application Server 3.02

Remedy:

No remedy available as of November 29, 2008.

Consequences:

Gain Access

References:

  • SourceForge.net, Durian Web Application Server at http://sourceforge.net/projects/durian/.
  • BID-21808: Durian Web Application Server Remote Buffer Overflow Vulnerability
  • CVE-2006-6853: Buffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002.
  • SECTRACK ID: 1017456: Durian Buffer Overflow Lets Remote Users Execute Arbitrary Code

Reported:

Dec 29, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net
