A buffer overflow vulnerability in SmartDesk WebSuite 2.1

vendor:

WebSuite

by:

SecurityFocus

7.5

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: WebSuite

Affected Version From: 2.1

Affected Version To: 2.1

Patch Exists: YES

Related CWE: N/A

CPE: a:smartdesk:websuite:2.1

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 98, Windows NT

2000

A buffer overflow vulnerability in SmartDesk WebSuite 2.1

A buffer overflow vulnerability in SmartDesk WebSuite 2.1 allows malicious remote users to crash the server, and may at worst allow them to execute arbitrary code. WebSuite 2.1 will crash when the filename requested is overly long. Test showed the filename length that crashed the server varied from 250 to over 2,000 bytes long. On Windows 98, append 150 to 1,000+ characters to the URL. On Windows NT, append 250 to 2,000+ characters to the URL.

Mitigation:

Upgrade to the latest version of SmartDesk WebSuite.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/278/info

A buffer overflow vulnerability in SmartDesk WebSuite 2.1 allows malicious remote users to crash the server, and may at worst allow them to execute arbitrary code.

WebSuite 2.1 will crash when the filename requested is overly long. Test showed the filename length that crashed the server varied from 250 to over 2,000 bytes long. 

On Windows 98, append 150 to 1,000+ characters to the URL.

On Windows NT, append 250 to 2,000+ characters to the URL.

example:

http://hostname/00000000000000000000000000000000000000000000 000000000000000000000000000000000000000000000000000000000000 000000000000000000000000000000000000000000000000000000000000 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000