[12193] in bugtraq
Re: Sample DOS against the Sambar HTTP-Server
daemon@ATHENA.MIT.EDU (Dennis Conrad)
Sat Oct 9 14:47:20 1999
Message-Id: <99100903295400.00264@dennis>
Date: Sat, 9 Oct 1999 03:17:47 +0200
Reply-To: Dennis Conrad <conrad.d@GMX.DE>
From: Dennis Conrad <conrad.d@GMX.DE>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
First of all: The DoS WORKS. Tod Sambar himself tested it and found
his server vulnerable. But: You're right, Steve!
> > print $remote "GET " . "X" x 99999999999999999999 . " HTTP/1.0\n\n";
There are too many 9s. My Perl (v.5005_02 running on Linux 2.2.12) only
prints a "GET<space><space>HTTP/1.0" as well. If you use a few 9s less,
you'll get an "Out of memory".

I'm really sorry about this, but I'm not an experienced programmer and
it was late at night when I threw this together.
> I conclude that the script as posted will not DoS the server even if
> it is vulnerable, unless a simple "GET HTTP/1.0" triggers the DoS.
Well, it WILL DoS the server, but due to the lack of a Windows box I
can't say if there have to be two <space>s or one is enough.
> I suggest that until the nature of the DoS is clarified anyone using
> the script to test their own server should try it as-is, then try it
> with fewer 9s (probably 9999 or 99999, maybe more if it's a resource
> exhaustion DoS).
No, that definitely does NOT work.
Thanks to Steve for reporting this. My failure.
Please note that the version on http://www.sambar.com is STILL vulnerable
and there has been NO security advisory by Tod Sambar!
---------------------[ Dennis Conrad ]-----------------
-------------------[ conrad.d@gmx.de ]-----------------
---------[ http://www.linuxstart.com/~dennis ]---------