From cst@CERBERUS-INFOSEC.CO.UK Mon Jul 10 03:07:16 2000 From: Cerberus Security Team To: BUGTRAQ@SECURITYFOCUS.COM Date: Thu, 25 May 2000 18:43:20 -0700 Subject: Alert: PDG Cart Overflows [The following text is in the "iso-8859-1" character set] [Your display is set for the "US-ASCII" character set] [Some characters may be displayed incorrectly] Cerberus Information Security Advisory (CISADV000525) http://www.cerberus-infosec.co.uk/advisories.html Released : 25th May 2000 Name : PDGSoft Shopping Cart buffer overflows Affected Systems : UNIX/NT Web servers with PDGSoft's Cart. Issue : Remote attackers can execute arbitrary code Description *********** The Cerberus Security Team has discovered two buffer overflows in two of the executables that come with PDGSoft's Shopping Cart (http://www.pdgsoft.com/). These overruns can be exploited to execute arbitrary code by a remote attacker. Details ******* The two executables with the vulnerabilities are redirect.exe and changepw.exe both of which are accessible over the web. If supplied an overly long query string both will overflow an internal buffer overwriting the saved return address. Solution: ********* The vendor has made available a patch for every affected platform. See http://www.pdgsoft.com/Security/security2.html Vendor Status ************* PDGSoft were informed about these issues earlier this month and have developed a patch. Cerberus would like to that everyone at PDGSoft for their quick response. About Cerberus Information Security, Ltd ***************************************** Cerberus Information Security, Ltd, a UK company, are specialists in penetration testing and other security auditing services. They are the developers of CIS (Cerberus' Internet security scanner) available for free from their website: http://www.cerberus-infosec.co.uk To ensure that the Cerberus Security Team remains one of the strongest security audit teams available globally they continually research operating system and popular service software vulnerabilites leading to the discovery of "world first" issues. This not only keeps the team sharp but also helps the industry and vendors as a whole ultimately protecting the end consumer. As testimony to their ability and expertise one just has to look at exactly how many major vulnerabilities have been discovered by the Cerberus Security Team - over 70 to date, making them a clear leader of companies offering such security services. Founded in late 1999, by Mark and David Litchfield, Cerberus Information Security, Ltd are located in London, UK but serves customers across the World. For more information about Cerberus Information Security, Ltd please visit their website or call on +44(0)208 395 4980. Permission is hereby granted to copy or redistribute this advisory but only in its entirety. Copyright (C) 2000 by Cerberus Information Security, Ltd