Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

S-209: activePDF Server Packet Processing Vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) S-209: activePDF Server Packet Processing Vulnerability
# 1  
Old 02-27-2008
S-209: activePDF Server Packet Processing Vulnerability
activePDF Server is prone to a remote heap-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. The risk is MEDIUM. Attackers may leverage this issue to execute arbitrary code in the context of the affected application. Failed attacks will likely cause denial-of-service conditions.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

3 More Discussions You Might Find Interesting

1. Cybersecurity

Web Hack Attempt from whois 209.126.68.6

Anyone care to take a stab at decoding this hack attempt on a web server. From the error logs: $ cat error.log (36)File name too long: AH00036: access to... (4 Replies)
Discussion started by: Neo
4 Replies

2. AIX

Packet loss coming with big packet size ping

(5 Replies)
Discussion started by: Vishal_dba
5 Replies

3. IP Networking

Software/tool to route an IP packet to proxy server and capture the Proxy reply as an

Hi, I am involved in a project on Debian. One of my requirement is to route an IP packet in my application to a proxy server and receive the reply from the proxy server as an IP packet. My application handles data at the IP frame level. My application creates an IP packet(with all the necessary... (0 Replies)
Discussion started by: Rajesh_BK
0 Replies
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

net::server::proto::ssl

Net::Server::Proto::SSL(3pm)				User Contributed Perl Documentation			      Net::Server::Proto::SSL(3pm)

NAME

       Net::Server::Proto::SSL - Net::Server SSL protocol.

SYNOPSIS

       Until this release, it was preferrable to use the Net::Server::Proto::SSLEAY module.  Recent versions include code that overcomes original
       limitations.

       See Net::Server::Proto.	See Net::Server::Proto::SSLEAY.

	   use base qw(Net::Server::HTTP);
	   main->run(
	       proto => 'ssl',
	       SSL_key_file  => "/path/to/my/file.key",
	       SSL_cert_file => "/path/to/my/file.crt",
	   );

	   # OR

	   sub SSL_key_file  { "/path/to/my/file.key" }
	   sub SSL_cert_file { "/path/to/my/file.crt" }
	   main->run(proto = 'ssl');

	   # OR

	   main->run(
	       port => [443, 8443, "80/tcp"],  # bind to two ssl ports and one tcp
	       proto => "ssl",	     # use ssl as the default
	       ipv  => "*",	     # bind both IPv4 and IPv6 interfaces
	       SSL_key_file  => "/path/to/my/file.key",
	       SSL_cert_file => "/path/to/my/file.crt",
	   );

	   # OR

	   main->run(port => [{
	       port  => "443",
	       proto => "ssl",
	       # ipv => 4, # default - only do IPv4
	       SSL_key_file  => "/path/to/my/file.key",
	       SSL_cert_file => "/path/to/my/file.crt",
	   }, {
	       port  => "8443",
	       proto => "ssl",
	       ipv   => "*", # IPv4 and IPv6
	       SSL_key_file  => "/path/to/my/file2.key", # separate key
	       SSL_cert_file => "/path/to/my/file2.crt", # separate cert

	       SSL_foo => 1, # Any key prefixed with SSL_ passed as a port hashref
			     # key/value will automatically be passed to IO::Socket::SSL
	   }]);

DESCRIPTION

       Protocol module for Net::Server based on IO::Socket::SSL.  This module implements a secure socket layer over tcp (also known as SSL) via
       the IO::Socket::SSL module.  If this module does not work in your situation, please also consider using the SSLEAY protocol
       (Net::Server::Proto::SSLEAY) which interfaces directly with Net::SSLeay.  See Net::Server::Proto.

       If you know that your server will only need IPv4 (which is the default for Net::Server), you can load IO::Socket::SSL in inet4 mode which
       will prevent it from using Socket6 and IO::Socket::INET6 since they would represent additional and unsued overhead.

	   use IO::Socket::SSL qw(inet4);
	   use base qw(Net::Server::Fork);

	   __PACKAGE__->run(proto => "ssl");

PARAMETERS

       In addition to the normal Net::Server parameters, any of the SSL parameters from IO::Socket::SSL may also be specified.	See
       IO::Socket::SSL for information on setting this up.  All arguments prefixed with SSL_ will be passed to the IO::Socket::SSL->configure
       method.

BUGS

       Until version Net::Server version 2, Net::Server::Proto::SSL used the default IO::Socket::SSL::accept method.  This old approach introduces
       a DDOS vulnerability into the server, where the socket is accepted, but the parent server then has to block until the client negotiates the
       SSL connection.	This has now been overcome by overriding the accept method and accepting the SSL negotiation after the parent socket has
       had the chance to go back to listening.

LICENCE

       Distributed under the same terms as Net::Server

THANKS

       Thanks to Vadim for pointing out the IO::Socket::SSL accept was returning objects blessed into the wrong class.

perl v5.14.2							    2012-05-29					      Net::Server::Proto::SSL(3pm)