Savant Web Server versions 3.1 and prior contain two buffer overflow issues. A remote attacker could cause a denial of service (DoS) or possibly execute arbitrary code with the file permissions assigned to the web server.
The first issue occurs when an attacker sends a malformed GET request to the server that contains a URL of more than 291 characters. This results in a buffer overflow and causes the server to crash. Additionally, a remote attacker may be able to execute arbitrary code with daemon privileges. Proof-of-concept code has been developed, but it has not been released to the public.
The second buffer overflow issue is in the cgitest.exe program that is installed by default in the cgi-bin directory. The buffer is limited to 128 characters. If an attacker sends more than the 128-character limit, the extra bytes overwrite the saved EBP and EIP values and crash the server. During the DoS, port 80 stays open but the server does not answer client requests.
Patches are unavailable.
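With no patch available, requests that match either condition can be flagged in front of the server or during log review. The following is an added example, not part of the original advisory or of Savant: the function names, the URL path /cgi-bin/cgitest.exe and the choice to measure the query string for cgitest.exe are assumptions, and the sample request lines are constructed.

```python
# Added example: thresholds are taken from the advisory text above.
MAX_URL_LEN = 291          # GET URL of more than 291 characters
MAX_CGITEST_INPUT = 128    # cgitest.exe buffer is limited to 128 characters
CGITEST_PATH = "/cgi-bin/cgitest.exe"  # assumed URL path of the default CGI


def check_request_line(request_line):
    """Return a list of findings for one HTTP request line."""
    method, _, rest = request_line.strip().partition(" ")
    if not method or not rest:
        return ["malformed request line"]
    # Keep spaces inside the target: cut only the trailing protocol version.
    target = rest.rsplit(" HTTP/", 1)[0]
    findings = []
    if method.upper() == "GET" and len(target) > MAX_URL_LEN:
        findings.append("GET URL length %d exceeds %d"
                        % (len(target), MAX_URL_LEN))
    path, _, query = target.partition("?")
    # Assumption: the oversized input reaches cgitest.exe in the query string.
    if path.lower() == CGITEST_PATH and len(query) > MAX_CGITEST_INPUT:
        findings.append("cgitest.exe input length %d exceeds %d"
                        % (len(query), MAX_CGITEST_INPUT))
    return findings


def scan(lines):
    """Return {request line: findings} for the lines that were flagged."""
    flagged = {}
    for line in lines:
        findings = check_request_line(line)
        if findings:
            flagged[line] = findings
    return flagged


# Constructed sample request lines (not captured traffic).
SAMPLES = [
    "GET /index.html HTTP/1.0",
    "GET /" + "A" * 300 + " HTTP/1.0",
    "GET /cgi-bin/cgitest.exe?" + "B" * 129 + " HTTP/1.0",
    "GET /cgi-bin/cgitest.exe?name=test HTTP/1.0",
]

if __name__ == "__main__":
    for line, findings in scan(SAMPLES).items():
        print(line[:40], "->", findings)
```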