MediaHouse Server Live Stats Runs Arbitrary Code

An unchecked buffer can allow arbitrary code to run on the server to perform actions such as spawning a command shell.

ITPro Today Staff

August 14, 2000


Reported August 14, 2000 by DeepZone Digital Security

VERSIONS AFFECTED

  • MediaHouse Statistics Server Live Stats

DESCRIPTION

An unchecked buffer exists within the code that processes Web-based GET commands; the buffer can be overflowed to cause the execution of arbitrary code on the server.

Sending a string approximately 2033 bytes in length overflows the buffer.
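As an added illustration (not MediaHouse's code and not part of the original advisory), this is the length check whose absence the description points to, applied to a GET request line in C. The 1024-byte buffer, the status codes and the function names are assumptions; the 2033-byte target is constructed input matching the length quoted above.

```c
#include <stdio.h>
#include <string.h>

#define TARGET_MAX 1024   /* assumed buffer size; the real one is not stated */
enum { REQ_OK = 0, REQ_BAD = 400, REQ_TOO_LONG = 414 };

/* An unchecked handler would copy the request target straight into a fixed
 * buffer and let the client decide how many bytes are written. This version
 * measures the target first and refuses it before any byte is copied. */
int target_checked(const char *line, char *out, size_t outsz)
{
    const char *start, *end;
    size_t len;

    if (outsz == 0 || strncmp(line, "GET ", 4) != 0)
        return REQ_BAD;
    start = line + 4;
    end = strchr(start, ' ');              /* target ends at the next space */
    if (end == NULL)
        end = start + strcspn(start, "\r\n");
    len = (size_t)(end - start);
    if (len == 0)
        return REQ_BAD;
    if (len >= outsz)                      /* keep room for the terminator */
        return REQ_TOO_LONG;
    memcpy(out, start, len);
    out[len] = '\0';
    return REQ_OK;
}

/* Build a constructed "GET <n filler bytes> HTTP/1.0" line, return the verdict. */
int status_for_length(size_t n)
{
    static char line[4096];
    char target[TARGET_MAX];

    if (n + 16 > sizeof line)
        return REQ_BAD;
    memcpy(line, "GET ", 4);
    memset(line + 4, 'A', n);
    strcpy(line + 4 + n, " HTTP/1.0\r\n");
    return target_checked(line, target, sizeof target);
}

int main(void)
{
    printf("6-byte target:    %d\n", status_for_length(6));
    printf("2033-byte target: %d\n", status_for_length(2033));
    return 0;
}
```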

VENDOR RESPONSE

MediaHouse has created a 5.03 patch that corrects the memory overflow bug in Statistics Server (LiveStats) 5.02x.

CREDIT
Discovered by DeepZone Digital Security
