Ravens PHP Scripts

LiteSpeed Web Server HTTP Header Processing Buffer Overflow Vulnerability
Date: Monday, December 20, 2010 @ 20:50:56 PST
Topic: Security


SECUNIA ADVISORY ID: SA42592

VERIFY ADVISORY: Secunia.com: http://secunia.com/advisories/42592/

CRITICALITY: Highly Critical

RELEASE DATE: 2010-12-21

DESCRIPTION: Kingcope has discovered a vulnerability in LiteSpeed Web Server, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is confirmed in version 4.0.18 Standard. Other versions may also be affected.

The vulnerability is caused by a boundary error in the LSAPI PHP extension (lsphp) when processing HTTP headers and can be exploited to cause a stack-based buffer overflow via an overly long header (greater than 255 bytes) sent in a web request to a PHP script. Successful exploitation allows execution of arbitrary code.
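As an added illustration (not part of the advisory and not LiteSpeed's code), a small Python check a defender could run over captured requests: it flags any header value longer than the 255-byte threshold named above and reports whether the request targets a PHP script, the two conditions the advisory ties together. The sample requests are constructed; measuring the header value rather than the whole line is an assumption, since the advisory does not say which length counts.

```python
import re
from typing import List, Tuple

# Threshold taken from the advisory: headers over 255 bytes overflow the lsphp stack buffer.
MAX_SAFE_HEADER_LEN = 255

# Constructed sample requests (not captured traffic).
SAMPLE_OK = (b"GET /index.php HTTP/1.1\r\n"
             b"Host: www.example.com\r\n"
             b"User-Agent: Mozilla/5.0\r\n\r\n")
SAMPLE_BAD = (b"GET /index.php HTTP/1.1\r\n"
              b"Host: www.example.com\r\n"
              + b"X-Custom: " + b"A" * 300 + b"\r\n\r\n")


def oversized_headers(raw: bytes, limit: int = MAX_SAFE_HEADER_LEN) -> List[Tuple[str, int]]:
    """Return (header name, value length in bytes) for every header whose value exceeds
    `limit`. Lengths are measured on the raw bytes, as the server sees them. Bare LF
    line endings are tolerated and lines without a colon are skipped."""
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:                       # no CRLFCRLF terminator: fall back to bare LF
        head = raw.partition(b"\n\n")[0]
    lines = re.split(rb"\r?\n", head)[1:]   # drop the request line
    # Join obsolete line folding (leading SP/HTAB) so the full value is measured.
    unfolded: List[bytes] = []
    for line in lines:
        if line[:1] in (b" ", b"\t") and unfolded:
            unfolded[-1] += b" " + line.strip()
        else:
            unfolded.append(line)
    findings = []
    for line in unfolded:
        name, colon, value = line.partition(b":")
        if not colon:
            continue
        value = value.strip()
        if len(value) > limit:
            findings.append((name.strip().decode("latin-1"), len(value)))
    return findings


def targets_php(raw: bytes) -> bool:
    """True when the request line's path (query string ignored) ends in .php."""
    request_line = raw.split(b"\n", 1)[0].rstrip(b"\r")
    parts = request_line.split(b" ")
    if len(parts) < 2:
        return False
    return parts[1].split(b"?", 1)[0].lower().endswith(b".php")


def is_suspicious(raw: bytes) -> bool:
    """Both conditions from the advisory: a PHP target and at least one oversized header."""
    return targets_php(raw) and bool(oversized_headers(raw))
```

A proxy or IDS rule that drops or logs such requests gives the same effect as the advisory's network ACL workaround without blocking ordinary clients.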

SOLUTION: Restrict access to trusted hosts only (e.g. via network access control lists).

PROVIDED AND/OR DISCOVERED BY: Kingcope

ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0188.html

This article comes from Ravens PHP Scripts
http://www.ravenphpscripts.com

The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3874