COMMAND

    Netscape Enterprise Server

SYSTEMS AFFECTED

    Netscape Enterprise Server (Windows NT 4.0, possibly others)

PROBLEM

    Following  is  based  on  S.A.F.E.R.  Security Bulletin.  Netscape
    Enterprise Server is  a web server  with long history  of security
    problems.   S.A.F.E.R. tested  version 3.6  SP2 on  Windows NT 4.0
    Server  edition,  and  found  it  to  be  vulnerable  to  a buffer
    overflow.

    A buffer overflow exists in Netscape Enterprise Server version 3.6
    SP2, and   possibly others, which  allows remote users  to execute
    arbitrary code.   The request which  will cause httpd.exe  process
    to crash is (for example):

        GET /[4080 x 'A'] HTTP/1.0

    The method seems not to be important at all, but the length of the
    request does. You can  use BLAH as a  method (instead of GET),  or
    any other string you wish. Dr. Watson pops up with a message:

        "Exception access violation (0xc0000005), Address 0x41414141"

    Remote execution of code is possible.

SOLUTION

    The  problem  is  present  in  Netscape Enterprise Server 3.6 SP2,
    running on Windows NT  platform.  S.A.F.E.R. also  tested Netscape
    Enterprise Server 3.51I running on Solaris, and found it not to be
    vulnerable.   Until  the  official  statement  from  Netscape   is
    released,  consider   the  possibility   that  all   versions  are
    vulnerable.