Vulnerabilities > CVE-2003-0471 - Buffer Overflow vulnerability in Alt-N WebAdmin USER Parameter

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
alt-n
nessus
exploit available
metasploit
NVD
Published: 2003-08-07
Updated: 2016-10-18

Summary

Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers to execute arbitrary code via an HTTP request to WebAdmin.dll with a long USER argument.

Vulnerable Configurations

Part Description Count
Application
Alt-N
1

Exploit-Db

  • descriptionAlt-N WebAdmin 2.0.x USER Parameter Buffer Overflow Vulnerability (2). CVE-2003-0471. Remote exploit for windows platform
    idEDB-ID:22834
    last seen2016-02-02
    modified2003-06-24
    published2003-06-24
    reporterMark Litchfield
    sourcehttps://www.exploit-db.com/download/22834/
    titleAlt-N WebAdmin 2.0.x USER Parameter Buffer Overflow Vulnerability 2
  • descriptionWebAdmin <= 2.0.4 USER Buffer Overflow Exploit. CVE-2003-0471. Remote exploit for windows platform
    idEDB-ID:1210
    last seen2016-01-31
    modified2005-09-11
    published2005-09-11
    reportery0
    sourcehttps://www.exploit-db.com/download/1210/
    titleWebAdmin <= 2.0.4 USER Buffer Overflow Exploit
  • descriptionAlt-N WebAdmin USER Buffer Overflow. CVE-2003-0471. Remote exploit for windows platform
    idEDB-ID:16776
    last seen2016-02-02
    modified2010-02-15
    published2010-02-15
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/16776/
    titleAlt-N WebAdmin USER Buffer Overflow
  • descriptionAlt-N WebAdmin 2.0.x USER Parameter Buffer Overflow Vulnerability (1). CVE-2003-0471. Remote exploit for windows platform
    idEDB-ID:22833
    last seen2016-02-02
    modified2003-06-24
    published2003-06-24
    reporterMark Litchfield
    sourcehttps://www.exploit-db.com/download/22833/
    titleAlt-N WebAdmin 2.0.x USER Parameter Buffer Overflow Vulnerability 1

Metasploit

descriptionAlt-N WebAdmin is prone to a buffer overflow condition. This is due to insufficient bounds checking on the USER parameter. Successful exploitation could result in code execution with SYSTEM level privileges.
idMSF:EXPLOIT/WINDOWS/HTTP/ALTN_WEBADMIN
last seen2020-03-10
modified2017-07-24
published2006-01-16
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/http/altn_webadmin.rb
titleAlt-N WebAdmin USER Buffer Overflow

Nessus

NASL familyCGI abuses
NASL idWEBADMIN.NASL
descriptionwebadmin.dll was found on the web server. Old versions of this CGI suffered from numerous problems: - installation path disclosure - directory traversal, allowing anybody with administrative permission on WebAdmin to read any file - buffer overflow, allowing anybody to run arbitrary code on the server with SYSTEM privileges. Note that no attack was performed, and the version number was not checked, so this might be a false alert
last seen2020-06-01
modified2020-06-02
plugin id11771
published2003-06-24
reporterThis script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/11771
titleAlt-N WebAdmin Multiple Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#

# References:
# http://www.kamborio.com/?Section=Articles&Mode=select&ID=55
#
# From: "Mark Litchfield" <[email protected]>
# To: [email protected], [email protected],
#   [email protected]
# Date: Tue, 24 Jun 2003 15:22:21 -0700
# Subject: Remote Buffer Overrun WebAdmin.exe
#

include("compat.inc");

if (description)
{
  script_id(11771);
  script_version("1.28");
  script_cvs_date("Date: 2018/11/15 20:50:19");

  script_cve_id("CVE-2003-0471", "CVE-2003-1463");
  script_bugtraq_id(7438, 7439, 8024);

  script_name(english:"Alt-N WebAdmin Multiple Vulnerabilities");
  script_summary(english:"Checks for the presence of webadmin.dll");

  script_set_attribute(attribute:'synopsis', value:"The remote CGI is vulnerable to multiple flaws.");

  script_set_attribute(attribute:'description', value:
"webadmin.dll was found on the web server. Old versions of this CGI
suffered from numerous problems: - installation path disclosure -
directory traversal, allowing anybody with administrative permission
on WebAdmin to read any file - buffer overflow, allowing anybody to
run arbitrary code on the server with SYSTEM privileges.

Note that no attack was performed, and the version number was not
checked, so this might be a false alert");
  script_set_attribute(attribute:'see_also', value:"https://marc.info/?l=bugtraq&m=105647081418155&w=2");
  script_set_attribute(attribute:'see_also', value:'https://www.securityfocus.com/archive/1/319735');
  script_set_attribute(attribute:'solution', value:"Upgrade to Alt-N WebAdmin 2.0.5 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"metasploit_name", value:'Alt-N WebAdmin USER Buffer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_cwe_id(20);

  script_set_attribute(attribute:"vuln_publication_date", value:"2003/06/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2003/06/24");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);

  script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.");
  script_family(english:"CGI abuses");

  script_dependencie("http_version.nasl", "find_service1.nasl", "no404.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

port = get_http_port(default:80);
res = is_cgi_installed3(port:port, item:"webadmin.dll");
if (res) security_hole(port);

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/83099/altn_webadmin.rb.txt
idPACKETSTORM:83099
last seen2016-12-05
published2009-11-26
reporterMC
sourcehttps://packetstormsecurity.com/files/83099/Alt-N-WebAdmin-USER-Buffer-Overflow.html
titleAlt-N WebAdmin USER Buffer Overflow

References