Ezhometech Ezserver Long 'GET' Request Stack Overflow Vulnerability Network Vulnerability

Summary

This host is running Ezhometech Ezserver and is prone stack based buffer overflow vulnerability.

Impact

Successful exploitation may allow remote attackers to cause the application to crash, creating a denial of service condition. Impact Level: System/Application

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

Buffer overflow condition exist in URL handling, sending long GET request to the server on port 8000 will cause server process to exit.

Affected

Ezhometech EzServer version 6.4 and prior

References

http://packetstormsecurity.org/files/113851/ezhometechezserver-overflow.txt
http://packetstormsecurity.org/files/113860/ezserver_http.rb.txt
http://secunia.com/advisories/49568/
http://www.exploit-db.com/exploits/19266/
http://www.exploit-db.com/exploits/19291/

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

HP System Management Homepage Multiple Vulnerabilities
Xerver HTTP Server Web Administration Denial of Service Vulnerability
Microsoft Windows Media Services ISAPI Extension Code Execution Vulnerabilities
Weborf 'get_param_value()' Function HTTP Header Handling Denial Of Service Vulnerability
Serva32 Directory Traversal and Denial of Service Vulnerabilities

Take action and discover your vulnerabilities