{"vuid":"VU#229955","idnumber":"229955","name":"Nobreak CrazyWWWBoard contains buffer overflow via User-Agent field","keywords":["Nobreak","CrazyWWWBoard","buffer overflow","User-Agent"],"overview":"Some versions of CrazyWWWBoard contain a buffer-overflow vulnerability that can be exploited by a remote user to execute arbitrary code.","clean_desc":"CrazyWWWBoard is a binary CGI program that is designed to provide dynamic web bulletin board services on web servers. Versions 2000p4 and 2000LEp5 of CrazyWWWBoard contain a buffer overflow vulnerability resulting from improper handling of the HTTP_USER_AGENT CGI environment variable.","impact":"A remote attacker can exploit this vulnerability to execute arbitrary code with privileges of the web server CGI process.","resolution":"The CERT/CC is currently unaware of a practical solution to this problem.","workarounds":"None.","sysaffected":"","thanks":"Thanks to teleh0r for reporting this vulnerability.","author":"This document was written by Shawn Van Ittersum.","public":["h","t","t","p",":","/","/","w","w","w",".","c","r","a","z","y","w","w","w","b","o","a","r","d",".","c","o","m","/"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2002-01-30T22:30:27Z","publicdate":"2001-03-31T00:00:00Z","datefirstpublished":"2002-09-16T22:35:09Z","dateupdated":"2004-02-23T22:09:41Z","revision":7,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"8","cam_population":"3","cam_impact":"13","cam_easeofexploitation":"14","cam_attackeraccessrequired":"20","cam_scorecurrent":"4.70925","cam_scorecurrentwidelyknown":"5.733","cam_scorecurrentwidelyknownexploited":"9.828","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":4.70925,"vulnote":null}