Signature Detail

HTTP: GazTek HTTP Daemon URL Buffer Overflow

This signature detects attempts to exploit a known vulnerability against the Gaztek HTTPD. Versions 1.4 and earlier are vulnerable. Attackers can send a maliciously crafted GET request in a long URL to the HTTP daemon to control server processes and execute arbitrary commands.

Extended Description

ghttpd is a freely available, open source web server for Unix systems. ghttpd supports CGI and is easy to configure and use. A buffer overflow is known to exist in ghttp which will allow arbitrary code to be executed with the privileges of the webserver. Proof-of-concept code has demonstrated that this vulnerability can be exploited by remote attackers.

Affected Products

• ghttpd 1.4.0
• ghttpd 1.4.1
• ghttpd 1.4.2
• ghttpd 1.4.3

References

• BugTraq: 2879
• CVE: CVE-2001-0820
• URL: http://www.securityfocus.com/bid/2879
• URL: http://online.securityfocus.com/archive/1/295141
• URL: http://archives.neohapsis.com/archives/bugtraq/2001-06/0225.html