Info

Disclosure

Jan 06, 1997

Discovery

Unknown

Dates

Exploit

Jan 06, 1997

Solution

Unknown

Description

O'Reilly WebSite contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is due to the 'win-c-sample' program containing a remote overflow. The program fails to validate unspecified user-supplied input resulting in a buffer overflow. With a specially crafted request, an attacker can execute custom code under the privileges of the web server process.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
OSVDB: Web Related

Solution

Upgrade to version 2.5 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: remove the win-c-sample program from the web server Note: This product has been discontinued. See vendor URL for additional details.

Products

O'Reilly Media, Inc.	WebSite Professional	2.0
		1.1c
		1.1b
	WebSite	1.1
		1.0

References

CVE ID: 1999-0178 (see also: NVD)
Bugtraq ID: 2078
ISS X-Force ID: 295
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1997_1/0021.html
Vendor URL: http://www.oreilly.com/software/index.html?
Generic Informational URL: http://www.whitehats.com/info/IDS231

Credit

Solar Designer - solarideal.ru -

Direct URL: http://osvdb.org/8

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

O'Reilly Media, Inc.

WebSite Professional

WebSite

References

Credit