[转载]Savant Web服务器URI缓冲区溢出

文章作者：Mati Aharoni

Summary
Savant is "a full-featured open source web server for computers running any version of Windows 95/NT or greater".

Due to improper bounds checking routines in Savant, a remote attacker can cause the program to overflow an internal buffer and as a consequence execute arbitrary code.

Credit:
The information has been provided by Mati Aharoni.

Details
Vulnerable Systems:
* Savant Web Server version 3.1 and prior

By sending a malformed HTTP request in the following format Any_Text / [256 Bytes]\r\n a remote attacker is able to overwrite the instruction pointer with an arbitrary address.

Exploit:
http://www.eviloctal.com/forum/read.php?tid=7476