[17651] in bugtraq
Vulnerabilites in SmallHTTP Server
daemon@ATHENA.MIT.EDU (Kotarac Ante)
Tue Nov 14 11:40:02 2000
Message-ID: <20001114141441.13068.qmail@securityfocus.com>
Date: Tue, 14 Nov 2000 14:14:41 -0000
Reply-To: astral@403-SECURITY.ORG
From: Kotarac Ante <astral@403-SECURITY.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
403-security SECURITY ADVISORY
Product: SmallHTTPServer
Version: 2.01
Author: astral@403-security.org
Homepage: http://www.403-security.org
1st Problem:
By default if user send request without file name
specified (http://host/subdirectory/)
HTTPServer will look for index.html in that folder and
if doesn't exist it will fill memory
with 68K. Directory doesn't need to exist. So anyone
can write a small program that sends
lot requests to fill out memory. (5000 request will fill
300Mb of memory)
2nd Problem:
SmallHTTPServer supports
ServerSidesIncludes.When HTTPServer finds SSI
Tag that looks
like this <!--#tag_name= <*EMPTY> --> it will crash.
#tag_name can be any of supported
(#fsize,#include,#printenv...). In order to execute SSI
tags file must be *.shtm or *.shtml.
3rd Problem:
This insecure Server will crash if attacker sends out
few GET, HEAD or POST requests and closes
connection before Server
answered.
Exploit: Maybe ... but still everything is very easy to
reproduce.
Fix: Vendor fixed this problem by issuing new version
(2.03)
