Moby NetSuite 1.0/1.2 - POST Handler Buffer Overflow

Author: Matthew Murphy
type: dos
platform: multiple
port: 
date_added: 2002-11-29  
date_updated: 2012-10-18  
verified: 1  
codes: CVE-2002-2258;OSVDB-60138  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 22053.txt  
source: https://www.securityfocus.com/bid/6277/info

A buffer overflow vulnerability has been reported for Moby NetSuite that may result in a denial of service condition. Reportedly, it is possible to cause NetSuite to crash when a malformed POST request is received.

An attacker can exploit this vulnerability by issuing a malformed POST request. When NetSuite attempts to service the malformed POST request, it will crash resulting in a denial of service. Restarting the service is neccessary to restore functionality.

POST /cgi-bin/test.cgi HTTP/1.0
Content-Length: 111111111111111111111111111