Ezhometech Ezserver Long 'GET' Request Stack Overflow Vulnerability Network Vulnerability

Summary

This host is running Ezhometech Ezserver and is prone stack based buffer overflow vulnerability.

Impact

Successful exploitation may allow remote attackers to cause the application to crash, creating a denial of service condition. Impact Level: System/Application

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

Buffer overflow condition exist in URL handling, sending long GET request to the server on port 8000 will cause server process to exit.

Affected

Ezhometech EzServer version 6.4 and prior

References

http://packetstormsecurity.org/files/113851/ezhometechezserver-overflow.txt
http://packetstormsecurity.org/files/113860/ezserver_http.rb.txt
http://secunia.com/advisories/49568/
http://www.exploit-db.com/exploits/19266/
http://www.exploit-db.com/exploits/19291/

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Kolibri Remote Buffer Overflow Vulnerability
Microsoft Windows Media Services ISAPI Extension Code Execution Vulnerabilities
Null HTTPd Server Content-Length HTTP Header Buffer overflow Vulnerability
CERN httpd CGI name heap overflow
Zeus Web Server 'SSL2_CLIENT_HELLO' Remote Buffer Overflow Vulnerability

Take action and discover your vulnerabilities