Secunia

Some vulnerabilities have been reported in AN HTTPD, which can be exploited by malicious people to inject arbitrary data into log files, cause a DoS (Denial of Service) and compromise a vulnerable system.

1) A boundary error in the cmdIS.DLL plug-in can be exploited to cause a buffer overflow by using the plug-in to parse certain files and at the same time supply an overly long string (about 8300 bytes) to the "user-agent", "host", or "accept-encoding" HTTP header.

Successful exploitation allows execution of arbitrary code, but requires either an accessible ".bat" file using the "set" command (default install includes "test.bat") or the ability to place or manipulate a file on the system inside the web root.

2) Missing sanitation of data written to log files can be exploited to manipulate the contents and e.g. inject fake entries or commands, which can be exploited to compromise the system in combination with the first vulnerability.

3) An error in the parameter handling can be exploited to cause a vulnerable service to crash by supplying some invalid input to the "test.bat", "input.bat" and input2.bat" CGI-scripts.

The vulnerabilities have been reported in version 1.42n. Other versions may also be affected.

Solution
1-2) Remove the "cmdIS.DLL" file located in the "scripts/" directory. Also, place the "httpd.log" log file outside the web root.
Further details available in Customer Area

Provided and/or discovered by
1-2) Tan Chew Keong
3) Dr_insane

Changelog
Further details available in Customer Area

Original Advisory
1-2) http://www.security.org.sg/vuln/anhttpd142n.html

Deep Links
Links available in Customer Area