Simple Web Server Stack-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

A stack-based buffer overflow vulnerability has been identified in Simple Web Server version 2.2 rc2. The issue arises in the server's processing of the Connection HTTP header, where an overly long string can be sent by a remote attacker. The server improperly handles this input using vsprintf() without adequate bounds checking, leading to a buffer overflow on the stack. This vulnerability allows remote attackers to execute arbitrary code with the same privileges as the web server process. The exploitation occurs before any authentication is required.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system, with the executed code running under the privileges of the web server process.

Reproduction

The vulnerability can be reproduced by sending a crafted HTTP request to the server with an excessively long Connection header. This can be done using a variety of tools that allow for manual HTTP request crafting, such as Burp Suite or by writing a custom script in a programming language like Python or Perl. The Metasploit Framework also includes a module that automates this exploitation.