Home > Mailing-Lists > Securiteam > 2002-02 Newsgroups Recommendations Privacy [NT] Phusion Webserver File Viewing, DoS and Arbitrary Code Execution Vulnerabilities From: support@securiteam.com Date: 02/17/02 Previous message: support@securiteam.com: "[UNIX] MPG123 Local Buffer Overflow Vulnerability (Command Line)" Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ] -------------------------------------------------------------------------------- From: support@securiteam.com To: list@securiteam.com Date: Sun, 17 Feb 2002 10:51:46 +0100 (CET) The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion When was the last time you checked your server's security? How about a monthly report? http://www.AutomatedScanning.com - Know that you're safe. - - - - - - - - - Phusion Webserver File Viewing, DoS and Arbitrary Code Execution Vulnerabilities ------------------------------------------------------------------------ SUMMARY Phusion Webserver Server is an Webserver for Windows 9x/NT/2000. Multiple security vulnerabilities have been found in the product that allow remote attackers to launch a denial-of-service, retrieve files that reside outside the normal HTTP bounding directory, overflow an internal buffer causing it to execute arbitrary code, and execute arbitrary commands (via a directory traversal bug). DETAILS