XAMPP ADOdb mssql_connect Remote Buffer Overflow

Severity: High. Nessus Plugin ID: 25117

Synopsis

The remote web server is prone to a buffer overflow attack.

Description

The remote host is running XAMPP, an Apache distribution containing MySQL, PHP, and Perl. It is designed for easy installation and administration.

The remote version of XAMPP includes a PHP interpreter that is affected by a buffer overflow involving calls to 'mssql_connect()', as well as an example PHP script that allows this function to be called with arbitrary arguments. Using a specially crafted value for the 'host' parameter of the 'xampp/adodb.php' script, an unauthenticated, remote attacker can leverage these issues to execute arbitrary code on the affected host with the privileges under which the web server operates, potentially LOCAL SYSTEM.

Solution

Use XAMPP's Security Console to restrict access to the '/xampp' directory.

See Also

http://packetstorm.linuxsecurity.com/0704-exploits/xampp-rgod.txt

https://www.apachefriends.org/blog/news-article-100366.html

https://www.apachefriends.org/download.html#1221

Plugin Details

Severity: High

ID: 25117

File Name: xampp_adodb_mssql_connect_overflow.nasl

Version: 1.22

Type: remote

Family: CGI abuses

Published: 4/30/2007

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Exploitable With

ExploitHub (EH-12-409)

Reference Information

CVE: CVE-2007-2079

BID: 23491