Intrusion Prevention

AN.HTTPD.cmdIS.DLL.Buffer.Overflow

Description

This indicates a possible attempt to exploit a buffer overflow vulnerability in the AN HTTPD web server.
The plugin cmdIS.dll is used by the server to parse a "bat" file and run it as a cgi script, calling the GetEnvironmentStrings API to get environment variables. The result from the API is not properly sanitized by the cmdSI.dll plugin before copying it into a buffer. An attacker can cause a buffer overflow by sending a GET request with oversized "user-agent", "host", or "accept-encoding" HTTP headers, resulting in a denial of service or arbitrary code execution in the web server security context.

Affected Products

AN HTTPd 1.42 n and earlier versions.

Impact

System compromise: remote code execution.

Recommended Actions

Apply the most recent upgrades or patches from the vendor.

CVE References

CVE-2005-1086

Other References

1