J-Security Center

Latest Attack Object Updates
  • IDP Daily Update #1536
    posted: 11/05/09
  • NSM Daily Update #1536
    posted: 11/05/09
  • Deep Inspection 5.3r5 and above, 5.4, 6.0 #1536
    posted: 11/05/09
  • Deep Inspection 5.1 and 5.2 #1435
    posted: 11/05/09
  • Deep Inspection 5.0, 5.3r4 and below #1132
    posted: 03/28/08 (04/01/08 for 5.0)
  • Antivirus
    posted: 11/04/09

Title: MyServer Multiple Remote math_sum.mscgi Example Script Vulnerabilities

Severity: CRITICAL

Description:

MyServer is a freely available server application designed to create a simple interface for providing various file sharing services such as HTTP servers and is released under the GNU public license. It is available for Unix and Unix variant operating systems as well as Microsoft Windows.

Reportedly MyServer is affected by multiple remote vulnerabilities in the 'math_sum.mscgi' example script. These issues are due to a boundary condition error and a failure to properly sanitize user-supplied URI input.

The first issue reported can be exploited to carry out cross-site scripting attacks against the affected computer. The 'math_sum.mscgi' script parameters 'a' and 'b' are not properly sanitized before being included in dynamically generated web content.

As a result of this issue it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed. All code will be executed within the context of the website running the affected application. It has also been reported that this issue can be exploited to trigger a denial of service condition in the server using specific JavaScript code.

The second issue that has been reported is a buffer overflow issue surrounding the 'a' and 'b' parameters to the 'math_sum.mscgi' script. Apparently these parameters are copied into finite stack-based buffers within the affected process without proper validation of buffer lengths. It has been reported that 86 bytes are sufficient to trigger this issue.

Due to this issue an attacker would be able to craft a malicious string containing machine code and memory addresses designed to gain control of the process execution flow. Ultimately this issue will allow an attacker to execute arbitrary code on the affected computer with the privileges of the vulnerable application.

These issues are reported to affect MyServer version 0.6.2, it is likely other versions are also affected.

Affected Products:

  • myServer myServer 0.6.2

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.