[23877] in bugtraq


Re: ZBServer Pro DoS Vulnerability

daemon@ATHENA.MIT.EDU (Steven M. Christey)
Wed Jan 16 18:29:26 2002

Date: Tue, 15 Jan 2002 20:33:56 -0500 (EST)
Message-Id: <200201160133.UAA07882@linus.mitre.org>
From: "Steven M. Christey" <coley@linus.mitre.org>
To: bugtraq@securityfocus.com


Tamer Sahin <ts@securityoffice.net> said:

>Server crashes after sending very long URL a few times.
>
>http://host/AAAAAAAAA...(Ax2500)...AAA
>
>Tested:
>Windows 2000 / ZBServer Pro 1.50-r13

It appears that this problem was originally publicized on December 23,
1999.  It was reported by USSR to Bugtraq and NTBugtraq in a post
titled "Local / Remote GET Buffer Overflow Vulnerability in ZBServer
1.5" (CVE: CVE-2000-0002).  USSR was unable to get a response from the
vendor.

devix posted a followup stating that the vendor had been notified
about the problem in 1997.

Dark Spyrit later posted an exploit to Bugtraq which appears to
execute arbitrary code, not just cause a DoS.

A search for "ZBServer" on various well-known vulnerability
repositories produced the following references (note: URLs may be
wrapped):

  http://www.securityfocus.com/archive/1/39597
  http://www.securityfocus.com/archive/1/39654
  http://www.securityfocus.com/archive/1/44126
  http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9912&L=NTBUGTRAQ&P=R3556
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0002
  http://www.securityfocus.com/bid/889
  http://xforce.iss.net/static/3809.php

A search for "ZBServer" on both AltaVista and Google includes
references to the Bugtraq posts on the first page.

Vendor links:

  http://www.zbserver.com/zbserver/index.html
    (the 1997 copyright date might indicate why the problem has not
     been fixed)
  http://www.zbsoft.com/zbserver/support.html


- Steve
