Dear, Bugtraq
"Just little bits of history repeating"
I have discovered a buffer overflow in CrazyWWWBoard Full Edition &&
CrazyWWWBoard Limited Edition.
This is NOT that same overflow as discovered by Jin Ho You, 01.30.2001
(http://www.securityfocus.com/archive/1/159387)
This overflow will allow for arbitrary code execution with the privileges of
the web server. The versions which have been tested are:
CrazyWWWBoard2000p4 for RedHat 6.0 and CrazyWWWBoard2000LEp5 for
RedHat 6.1.
Proof of Concept exploit attached.
Sincerely yours,
teleh0r
--
To avoid criticism, do nothing, say nothing, be nothing.
-- Elbert Hubbard
crazywwwb-exploit.pl