Buffer Overflow in Website Pro
Impact
A buffer overflow condition in Website Pro could allow a remote attacker to execute arbitrary commands on the server.
Background
O'Reilly's Website Professional is a full-featured web server for Windows platforms.
The Problem
There are two separate buffer overflow conditions in Website Pro which could allow a remote attacker to execute arbitrary commands on the server. The first one can be exploited in a number of ways, such as a long GET request or a long Referer header. The second one can be exploited by supplying a very long search string to webfind.exe. Both conditions affect Website Pro 2.4 for Windows NT.
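As an added example (not part of the original advisory or of Website Pro), the following Python code flags access-log entries that match the three conditions described above. It assumes combined-format access logs; the 1024-character threshold, the sample lines, the /cgi-bin/ path and the keywords parameter are constructed for illustration, since the advisory gives none of them.

```python
import re

# Assumption: the advisory states no overflow length; tune this per site.
MAX_LEN = 1024

# Assumption: the access log uses the common "combined" format.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]*\] '
    r'"(?P<method>\S+) (?P<target>\S*)(?: [^"]*)?" '
    r'(?:\d{3}|-) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

def check_line(line, max_len=MAX_LEN):
    """Return (host, reason) findings for one log line; [] if unparsable."""
    m = LINE_RE.match(line)
    if not m:
        return []
    host, target, referer = m["host"], m["target"], m["referer"]
    path, _, query = target.partition("?")
    findings = []
    if m["method"] == "GET" and len(target) > max_len:
        findings.append((host, "long GET request"))
    if len(referer) > max_len:
        findings.append((host, "long Referer header"))
    if path.lower().endswith("/webfind.exe") and len(query) > max_len:
        findings.append((host, "long webfind.exe search string"))
    return findings

def scan(lines, max_len=MAX_LEN):
    """Collect findings across all log lines, in input order."""
    return [f for line in lines for f in check_line(line, max_len)]

# Constructed sample lines: documentation addresses, made-up path and parameter.
_TS = "[01/Jan/2000:10:00:00 +0000]"
_PAD = "A" * 2000
SAMPLE_LOG = [
    f'192.0.2.10 - - {_TS} "GET /index.html HTTP/1.0" 200 512 "http://example.test/" "Mozilla/4.0"',
    f'192.0.2.20 - - {_TS} "GET /{_PAD} HTTP/1.0" 400 0 "-" "-"',
    f'192.0.2.30 - - {_TS} "GET /index.html HTTP/1.0" 200 512 "http://{_PAD}" "-"',
    f'192.0.2.40 - - {_TS} "GET /cgi-bin/webfind.exe?keywords={_PAD} HTTP/1.0" 500 0 "-" "-"',
]

if __name__ == "__main__":
    for host, reason in scan(SAMPLE_LOG):
        print(f"{host}: {reason}")
```

A request that crashes the server may never be written to the access log, so an empty result does not show that no attempt was made.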
Resolutions
Upgrade to Website Pro version 2.5 or higher.
Where can I read more about this?
The first buffer overflow was posted to Bugtraq. The second was also posted to Bugtraq.