LiteSpeed Web Server HTTP Header Processing Buffer Overflow Vulnerability

Posted on Monday, December 20, 2010 @ 21:50:56 PST in Security
by Raven

SECUNIA ADVISORY ID: SA42592

VERIFY ADVISORY: Secunia.com: http://secunia.com/advisories/42592/

CRITICALITY: Highly Critical

RELEASE DATE: 2010-12-21

DESCRIPTION: Kingcope has discovered a vulnerability in LiteSpeed Web Server, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is confirmed in version 4.0.18 Standard. Other versions may also be affected.


The vulnerability is caused by a boundary error in the LSAPI PHP extension (lsphp) when processing HTTP headers. It can be exploited to cause a stack-based buffer overflow via an overly long header (greater than 255 bytes) sent in a web request to a PHP script. Successful exploitation allows execution of arbitrary code.

SOLUTION: Restrict access to trusted hosts only (e.g. via network access control lists).

PROVIDED AND/OR DISCOVERED BY: Kingcope

ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0188.html
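
A pre-filter for the overly long header condition in the description, as an added example (not code from Secunia, Kingcope or LiteSpeed): it scans a raw request, as a front-end proxy or log-replay tool might, and reports the first header line longer than 255 bytes. The function names, the sample request and the choice to measure the whole "Name: value" line are assumptions; the advisory does not say which part of the header is counted.

```c
#include <stdio.h>
#include <string.h>

#define HDR_LIMIT 255   /* advisory: headers greater than 255 bytes overflow */

/* Return the 1-based index of the first header line longer than `limit`
 * bytes (terminator excluded), 0 if every header fits, or -1 if the header
 * block is not closed by an empty line (truncated or malformed request).
 * Assumption: length is measured over the whole "Name: value" line. */
int first_oversized_header(const char *req, size_t len, size_t limit)
{
    size_t pos = 0;
    int line_no = -1;                   /* becomes 0 for the request line */

    while (pos < len) {
        const char *nl = memchr(req + pos, '\n', len - pos);
        if (nl == NULL)
            return -1;                  /* data ends in the middle of a line */
        size_t line_len = (size_t)(nl - (req + pos));
        if (line_len > 0 && req[pos + line_len - 1] == '\r')
            line_len--;                 /* accept CRLF and bare LF */
        line_no++;
        if (line_no > 0 && line_len == 0)
            return 0;                   /* empty line: end of headers */
        if (line_no > 0 && line_len > limit)
            return line_no;
        pos = (size_t)(nl - req) + 1;
    }
    return -1;                          /* no terminating empty line seen */
}

/* Constructed sample: a request whose second header line is 300 bytes. */
int check_sample(void)
{
    char big[301], req[512];
    memset(big, 'A', 300);
    memcpy(big, "X-Test: ", 8);
    big[300] = '\0';
    int n = snprintf(req, sizeof req, "GET /index.php HTTP/1.1\r\n"
                     "Host: example.test\r\n%s\r\n\r\n", big);
    return first_oversized_header(req, (size_t)n, HDR_LIMIT);
}

int main(void)
{
    printf("first oversized header: %d\n", check_sample());
    return 0;
}
```

A filter like this complements, and does not replace, the access restriction given under SOLUTION.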
 
 