savant.overflow.txt

savant.overflow.txt: Posted Jan 8, 2002; Authored by Tamer Sahin | Site securityoffice.net; The Savant Web Server v3.0 for Windows 95, 98, ME, NT, and 2000 has a remotely exploitable buffer overflow. Fix available at https://savant.sourceforge.net.; tags | web, overflow; systems | windows; SHA-256 | 225cd09a44933b83edcf3f7b0099bcd1bc96a920de2607ada83c729477a76cbc; Download | Favorite | View

savant.overflow.txt

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Savant Webserver Buffer Overflow Vulnerability

Type:
DoS, crashes Daemon

Release Date:
January 5, 2002

Product / Vendor:
Savant is a freeware open source web server that runs on Windows 95,
98, ME, NT, and 2000, turning any desktop computer into a powerful
web server.  Designed to be fast, secure, and efficient, Savant is
the choice of thousands of professional and amateur webmasters
worldwide.

https://savant.sourceforge.net

Summary:
Server crashes after sending very long parameter a few times.

https://host/cgi-bin/cgi-test.pl.......................................
......................................................................
......................................................................
...........................................................

The instruction at "0x002e2e3d" referenced memory at "0xac40303c".
The memory could not be "written".

Log:
Error File: <error.txt>
- -
- -
- -
Error: TCP buffer overflow
Error: TCP buffer overflow
Error: TCP buffer overflow
Error: TCP buffer overflow
Error: TCP buffer overflow
Error: TCP buffer overflow
Error: TCP buffer overflow
Error: TCP buffer overflow
Error: TCP buffer overflow
Error: TCP buffer overflow
Error: TCP buffer overflow
Error: TCP buffer overflow
Error: TCP buffer overflow
Error: Failure to create CGI Process
Error: Failure to create CGI Process
Error: Failure to create CGI Process
Error: Failure to create CGI Process
Error: Failure to create CGI Process
Error: Failure to create CGI Process
Error: Failure to create CGI Process
Error: Failure to create CGI Process
Error: Failure to create CGI Process

Tested:
Windows 2000 / Savant 3.0

Vulnerable:
Savant 3.0 (And may be other)

Disclaimer:
https://www.securityoffice.net is not responsible for the misuse or
illegal use of any of the information and/or the software listed on
this security advisory.

Author:
Tamer Sahin
ts@securityoffice.net
https://www.securityoffice.net

Tamer Sahin
https://www.securityoffice.net
PGP Key ID: 0x2B5EDCB0 Fingerprint:
B96A 5DFC E0D9 D615 8D28 7A1B BB8B A453 2B5E DCB0

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <https://www.pgp.com>

iQA/AwUBPDcsyLuLpFMrXtywEQILHQCePykGavuFDzyuhv3QEJvJj69IT2gAn0w0
N2KarHO/eJUF9oapdNikgNam
=gpy0
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 267 files
indoushka 178 files
Jay Turla 150 files
Ubuntu 74 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Gentoo 24 files
Karn Ganeshen 23 files

File Archives

Systems

AIX (430)
Apple (2,115)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,125)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,591)
HPUX (881)
iOS (390)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,312)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,885)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,861)
UNIX (9,458)
UnixWare (188)
Windows (6,772)
Other

savant.overflow.txt

savant.overflow.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

savant.overflow.txt

Share This

savant.overflow.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems