COMMAND
Website
SYSTEMS AFFECTED
O'Reilly WebSite Professional 2.x for Windows 9x/NT/2000
PROBLEM
The following is based on a COVERT Labs Security Advisory. The
indexing utility webfind.exe distributed with O'Reilly WebSite
Professional contains an unchecked buffer that allows remote
execution of arbitrary code on vulnerable hosts.

WebSite Professional contains two utilities, webindex and webfind,
that provide full-text search capabilities for a WebSite server.
Webindex provides a walkthrough wizard to create a new index,
reconfigure an existing one or delete an old one. Webfind is the
CGI program that searches the indexes created by Webindex.

Webfind displays a search form for the user to complete, then
executes the search. The webfind search form takes a user-defined
string and adds it to the "keywords" parameter of the QUERY_STRING
in the web request.

Passing a long string in the "keywords" parameter overwrites the
stack with user-defined data, allowing the execution of arbitrary
code on the remote host.

This vulnerability was discovered by Barnaby Jack at the COVERT
Labs of PGP Security, Inc.
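
The class of defect described above is a CGI copying the "keywords"
value out of QUERY_STRING without a length test. The following is an
added example, not code from the advisory or from WebSite Professional,
showing a length-checked extraction; get_keywords and KEYWORDS_MAX are
hypothetical names and the 256-byte limit is an assumption.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KEYWORDS_MAX 256   /* assumed limit; the advisory gives no size */

/* Hypothetical helper, not the vendor's code. Finds the "keywords"
 * parameter in a CGI QUERY_STRING and copies its raw (still URL-encoded)
 * value into out only if it fits, terminator included.
 * Returns the value length, -1 if the parameter is absent, -2 if the
 * value is too long. An unchecked copy would skip the vallen test and
 * write past the end of a fixed-size stack buffer. */
int get_keywords(const char *query, char *out, size_t outlen)
{
    static const char name[] = "keywords=";
    const size_t namelen = sizeof(name) - 1;
    const char *p = query;

    if (query == NULL || out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';

    while (*p != '\0') {
        size_t pairlen = strcspn(p, "&");      /* one name=value pair */
        if (pairlen >= namelen && strncmp(p, name, namelen) == 0) {
            size_t vallen = pairlen - namelen;
            if (vallen >= outlen)
                return -2;                     /* reject, do not truncate */
            memcpy(out, p + namelen, vallen);
            out[vallen] = '\0';
            return (int)vallen;
        }
        p += pairlen;
        if (*p == '&')
            p++;
    }
    return -1;
}

int main(void)
{
    char kw[KEYWORDS_MAX];
    const char *qs = getenv("QUERY_STRING");
    int n = get_keywords(qs ? qs : "", kw, sizeof kw);

    if (n == -2)
        fputs("Status: 400 Bad Request\r\n", stdout);
    printf("Content-Type: text/plain\r\n\r\nkeywords length: %d\n", n);
    return 0;
}
```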
SOLUTION
O'Reilly has corrected this issue in WebSite Professional 2.5,
which is now available from:
http://website.oreilly.com