[18874] in bugtraq
DOS Vulnerability in SlimServe HTTPd
daemon@ATHENA.MIT.EDU (joetesta@HUSHMAIL.COM)
Tue Jan 30 16:28:59 2001
Content-Type: multipart/mixed;
boundary="Hushpart_boundary_rkCYVtkZKhJjKFCObensQorrBtGvEsOA"
Mime-Version: 1.0
Message-Id: <200101301739.JAA24600@user7.hushmail.com>
Date: Tue, 30 Jan 2001 12:41:52 -0800
Reply-To: joetesta@HUSHMAIL.COM
From: joetesta@HUSHMAIL.COM
To: BUGTRAQ@SECURITYFOCUS.COM
--Hushpart_boundary_rkCYVtkZKhJjKFCObensQorrBtGvEsOA
Content-type: text/plain
DOS Vulnerability in SlimServe HTTPd
Overview
SlimServe HTTPd v1.0 is a web server available from http://www.whitsoftdev.com
and http://www.download.com. A DOS vulnerability exists which allows a
remote
attacker to crash the server.
Details
If an extraoridinarily long string of 'A's is sent to the server in a GET
request, the server crashes with the following dump:
SLIMHTTP caused an invalid page fault in
module SLIMHTTP.EXE at 017f:004021db.
Registers:
EAX=ffffffff CS=017f EIP=004021db EFLGS=00010286
EBX=00412794 SS=0187 ESP=00eafa1c EBP=000400a4
ECX=8173ac0c DS=0187 ESI=00eb0000 FS=228f
EDX=8173ac14 ES=0187 EDI=00000068 GS=0000
Bytes at CS:EIP:
8a 06 3c 0d 75 05 c6 06 00 eb 04 3c 0a 74 1a 66
Stack dump:
00eafe99 00eafd5d 00000000 0000000f
00000000 00000001 00000068 00000000
00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000
Solution
No quick fix is possible.
Vendor Status
WhitSoft Development was contacted via <mwhitlock@whitsoftdev.com> on
Sunday, January 28, 2001. This was the response I received:
> I appreciate your taking the time to alert me to the presence of this
bug.
> However, I can't do anything to fix it right now, as I have no time for
> programming.
>
> Matt Whitlock
- Joe Testa ( joetesta@hushmail.com )
--Hushpart_boundary_rkCYVtkZKhJjKFCObensQorrBtGvEsOA--
IMPORTANT NOTICE: If you are not using HushMail, this message could have been read easily by the many people who have access to your open personal email messages.
Get your FREE, totally secure email address at http://www.hushmail.com.
