Updated:  September 26, 2001

Status

Affected

Vendor Statement

From the change log: "* nsd/serv.c: [ #232139 ] Buffer overflow in ParseAuth(). ParseAuth() uses a 256-byte buffer for decoding authentication data. Unfortunately, Ns_HtuuDecode() does not do an adequate job in reventing data overflow due to the way it tries to loop unroll 4-bytes per iteration. To reproduce: Using IE 5.xxx, navigate to a page that challenges (ie 401 return). Fill the user/pwd fields with as much data as possible. Hit return, and watch AOLserver die due to stack corruption (on Linux, at least). It is preferable to allocate the storage dynamically. Thanks to Adam Zell for the bug report and patch!!"

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.