Re: Tripbit Advisory TA-2003-05 Buffer Overflow Vulnerability in Pi3 Web Server v2.0.2 Beta 1

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Tripbit Advisory TA-2003-05 Buffer Overflow Vulnerability in Pi3 Web Server v2.0.2 Beta 1
From: Holger Zimmermann <zimpel@xxxxxxxxxxxxxxxxxxxxx>
Date: 5 Jun 2003 16:38:54 -0000
Delivered-to: zerbey@localhost.horry.org
Delivered-to: mailing list bugtraq@securityfocus.com
Delivered-to: moderator for bugtraq@securityfocus.com
Delivery-date: Thu, 05 Jun 2003 20:52:28 +0100
Envelope-to: zerbey@wibble.co.uk
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@securityfocus.com; run by ezmlm

In-Reply-To: <3EDBB632.4030000@xxxxxxxxxxx>

The problem has been encountered with the Win32 version

of Pi3Web 2.0.2 beta 1, a pre-released beta for public

testing.

As I determined, it is not necessary, to have specific

configuration options set in order to reproduce the

exploit (maybe dependent on the runtime-environment).



The problem is fixed in Pi3Web 2.0.2 beta 2, available

from:

http://belnet.dl.sourceforge.net/sourceforge/pi3web/Pi3Web-x86Win32-2_0_2-beta2.exe



Pi3Web 2.0.2 beta 1 is no more available and has been

available for only about one week (5 downloads of

Pi3Web 2.0.2 beta 1 registered at sourceforge).

--

Holger Zimmermann

Prev by Date: Monkey Http Daemon
Next by Date: MDKSA-2003:064 - Updated kon2 packages fix buffer overflow vulnerability
Previous by thread: Monkey Http Daemon
Next by thread: MDKSA-2003:064 - Updated kon2 packages fix buffer overflow vulnerability
Index(es):
- Date
- Thread