[19903] in bugtraq
def-2001-15: Website Pro Remote Manager DoS
daemon@ATHENA.MIT.EDU (Peter Gründl)
Wed Mar 28 11:51:33 2001
Message-ID: <004f01c0b76d$e1549930$71002d0a@dk.defcomsec.com>
Date: Wed, 28 Mar 2001 12:00:12 +0200
Reply-To: Peter Gründl <peter.grundl@DEFCOM.COM>
From: Peter Gründl <peter.grundl@DEFCOM.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
======================================================================
Defcom Labs Advisory def-2001-15
Website Pro Remote Manager DoS
Author: Peter Gründl <peter.grundl@defcom.com>
Release Date: 2001-03-28
======================================================================
------------------------=[Brief Description]=-------------------------
The remote manager service contains a flaw that allows an attacker to
cause the service to crash.
------------------------=[Affected Systems]=--------------------------
- Website Pro/3.0.37
----------------------=[Detailed Description]=------------------------
The remote manager service (default on port 9999) will leak memory if
non-authenticated requests are repeatedly made to the /dyn/ directory
and will eventually get killed by the OS.
e.g.:
GET /dyn/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx HTTP/1.0
host: 10.0.0.1
---------------------------=[Workaround]=-----------------------------
Disallow access to the remote manager service from untrusted networks.
The service is on TCP port 9999 by default.
-------------------------=[Vendor Response]=--------------------------
This issue was brought to the vendor's attention on the 21st of
February, 2001 and although the vendor has been contacted repeatedly
no workaround or fix has been received to this date.
======================================================================
This release was brought to you by Defcom Labs
labs@defcom.com www.defcom.com
======================================================================
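
A detection sketch for the condition described in the advisory, added here as an example and not part of the original advisory or of the vendor's software: it flags sources that send bursts of unauthenticated requests under /dyn/. The Common Log Format input, the threshold, the time window, the function names and the sample lines are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: requests are logged in Common Log Format (not stated in the advisory).
CLF = re.compile(
    r'(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

def flag_dyn_floods(lines, threshold=5, window=timedelta(seconds=10)):
    """Return {source: peak count} for sources that sent at least
    `threshold` unauthenticated /dyn/ requests within `window`."""
    recent = defaultdict(deque)   # source -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue              # skip lines that do not parse as CLF
        # Only unauthenticated requests (user field "-") under /dyn/ are counted.
        if m["user"] != "-" or not m["path"].lower().startswith("/dyn/"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["src"]]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged[m["src"]] = max(flagged.get(m["src"], 0), len(q))
    return flagged

# Constructed sample log lines (addresses, status and size are placeholders).
def _line(src, user, minute, sec, path):
    return (f'{src} - {user} [28/Mar/2001:12:{minute:02d}:{sec:02d} +0200] '
            f'"GET {path} HTTP/1.0" 401 0')

SAMPLE_LOG = (
    [_line("192.0.2.10", "-", 0, s, "/dyn/test") for s in range(6)]        # burst, unauthenticated
    + [_line("192.0.2.20", "-", m, 0, "/dyn/test") for m in (0, 5)]        # two requests, 5 min apart
    + [_line("192.0.2.30", "admin", 0, s, "/dyn/test") for s in range(6)]  # authenticated user
    + [_line("192.0.2.40", "-", 0, s, "/index.html") for s in range(6)]    # outside /dyn/
)

if __name__ == "__main__":
    print(flag_dyn_floods(SAMPLE_LOG))
```

Because the advisory describes a cumulative memory leak, a slow trickle of requests would stay under a short-window threshold; tracking the service's memory use alongside this check covers that case.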