CVE-1999-0267
published 1997-09-23CVE-1999-0267: Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution.
PriorityP335high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
10.24%
95.1th percentile
Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ncsa | ncsa_httpd | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
NCSA HTTPd 1.x - Remote Buffer Overflow (1)
exploitdb·1997-04-23
CVE-1999-0267 NCSA HTTPd 1.x - Remote Buffer Overflow (1)
NCSA HTTPd 1.x - Remote Buffer Overflow (1)
---
// source: https://www.securityfocus.com/bid/3158/info
NCSA HTTPd is a free, open-source web server for *nix systems.
NCSA HTTPd versions 1.3 and earlier are prone to an exploitable buffer overflow(in the username field) which will allow malicious remote users to execute arbitrary code with the privileges of the webserver process.
Successful exploitation of this vulnerability will allow a remote attacker to gain local access to the host.
/*
* NCSA 1.3 Linux/intel remote xploit by [email protected] 1997-April-23
*
* Special THANKS to: b0fh,|r00t,eepr0m,moxx,Fr4wd,Kore,EDevil and the rest of ToXyn !!!
*
* usage:
* $ (hackttpd 0; cat) | nc victim 143
* |
* +--> usually from -1000 to 1000 (try steeps of 100)
*/
#include
unsigned char sh
Exploit-DB
NCSA HTTPd 1.x - Remote Buffer Overflow (2)
exploitdb·1995-02-17
CVE-1999-0267 NCSA HTTPd 1.x - Remote Buffer Overflow (2)
NCSA HTTPd 1.x - Remote Buffer Overflow (2)
---
// source: https://www.securityfocus.com/bid/3158/info
NCSA HTTPd is a free, open-source web server for *nix systems.
NCSA HTTPd versions 1.3 and earlier are prone to an exploitable buffer overflow(in the username field) which will allow malicious remote users to execute arbitrary code with the privileges of the webserver process.
Successful exploitation of this vulnerability will allow a remote attacker to gain local access to the host.
/*
; NCSA Webserver Buffer Overflow in 1.3
; By Xtremist ([email protected]) for [r00tabega.security.labs]
; Tested on Slackware 4.0 with NCSA 1.3
; usage:
; $ (ncsaexpl 0; cat) | nc victim 80
;
; OFFSET usually from -1000 to 1000
; greets all people i know :)
;*/
#include
unsigned char shell[] = /*
No writeups or analysis indexed.
1997-09-23
Published