[19447] in bugtraq
DOS Vulnerability in SlimServe HTTPd
daemon@ATHENA.MIT.EDU (joetesta@HUSHMAIL.COM)
Wed Feb 28 22:42:50 2001
Mime-version: 1.0
Content-type: multipart/mixed;
boundary="Hushpart_boundary_ErCUhDPMCNGgQfAyMbFDCfokeIkyafzx"
Message-ID: <200102282333.PAA01486@user7.hushmail.com>
Date: Wed, 28 Feb 2001 18:37:44 -0500
Reply-To: joetesta@HUSHMAIL.COM
From: joetesta@HUSHMAIL.COM
To: BUGTRAQ@SECURITYFOCUS.COM
--Hushpart_boundary_ErCUhDPMCNGgQfAyMbFDCfokeIkyafzx
Content-type: text/plain
----- Begin Hush Signed Message from joetesta@hushmail.com -----
DOS Vulnerability in SlimServe HTTPd
Overview
SlimServe HTTPd v1.1 is a web server available from
http://www.whitsoftdev.com and http://www.download.com. A DOS
vulnerability exists which allows a remote attacker to crash the server.
Details
If an extraoridinarily long string ( ~80000 ) of 'A's is sent to the
server in a GET request, the server crashes with the following dump:
SLIMHTTP caused an invalid page fault in
module SLIMHTTP.EXE at 017f:004021db.
Registers:
EAX=ffffffff CS=017f EIP=004021db EFLGS=00010286
EBX=00412678 SS=0187 ESP=00eafa1c EBP=000400a4
ECX=81726914 DS=0187 ESI=00eb0000 FS=3b57
EDX=8172691c ES=0187 EDI=00000068 GS=402e
Bytes at CS:EIP:
8a 06 3c 0d 75 05 c6 06 00 eb 04 3c 0a 74 1a 66
Stack dump:
00eafe99 00eafd5d 00000000 0000000f
00000000 00000001 00000068 00000000
00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000
Solution
No quick fix is possible.
Vendor Status
WhitSoft Development was contacted via <mwhitlock@whitsoftdev.com> on
Tuesday, February 20, 2001. No reply was received.
- Joe Testa ( e-mail: joetesta@hushmail.com / AIM: LordSpankatron )
----- Begin Hush Signature v1.3 -----
H3rAMdludc/DpXPE5kNn8LvGRgcB1cdUg7sSpMDpvcopVCbBVnSfSmR/k3qQPyv34eDu
e4eddq/4h6ffjOB+LPFKmvMTnpyqe3dqe2+A4Rfi5+0WGhHaPDMB+5nX+vMPu70ZKF+c
SI5hEJ2iBZ3agCBDv2AfPEC8Ybl+RJLJAfPzOwEOr2rZJ2cPr7TOYs71kmD5TV4dDmKf
QKx1mlaUxyjI25R0sxuzLWttnD5+taB3/xc8Iwcskwv3wgjIk9va7Sf88F07rm/tRcNy
9D6n1hFquJ4A8X+9utdWmYDhy3NENunLV4RUYTTiJLvutXfU/G+Be+XxuUoHjX0+d1Ij
IY4soyuV7zzNxsM+uuca4Dsc32v899SLy8e3+qTQI9+8jMx56BVKmXsD3oNFBNbRZaTa
toAM3SJo/jtwvRE96NiiRLKj8Q3Sshnh5y+luSwtUiGcTBRT8qO4okm2boz/XvOzv5sB
fnkJDtcM1MJUoZ627tghfNeCPH+FjCsqLwiAWqGQpTev
----- End Hush Signature v1.3 -----
This message has been signed with a Hush Digital Signature.
To verify the signature, please go to www.hush.com/tools
Free, encrypted, secure Web-based email at www.hushmail.com
--Hushpart_boundary_ErCUhDPMCNGgQfAyMbFDCfokeIkyafzx--
IMPORTANT NOTICE: If you are not using HushMail, this message could have been read easily by the many people who have access to your open personal email messages.
Get your FREE, totally secure email address at http://www.hushmail.com.
