[29597] in bugtraq
Re: Positive Technologies Security Advisory 2003-0307: DoS-attack in Kerio WinRoute Firewall
daemon@ATHENA.MIT.EDU (Peter Pentchev)
Wed Apr 2 16:21:13 2003
Date: Tue, 1 Apr 2003 10:49:58 +0300
From: Peter Pentchev <roam@ringlet.net>
To: Dmitry Maksimov <dmaksimov@ptsecurity.ru>
Message-ID: <20030401074958.GB776@straylight.oblivion.bg>
Mail-Followup-To: Dmitry Maksimov <dmaksimov@ptsecurity.ru>,
bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="6c2NcOVqGQ03X4Wi"
Content-Disposition: inline
In-Reply-To: <78308857623.20030331100026@ptsecurity.ru>
--6c2NcOVqGQ03X4Wi
Content-Type: text/plain; charset=windows-1251
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, Mar 31, 2003 at 10:00:26AM +0400, Dmitry Maksimov wrote:
[snip]
> Positive Technologies reports that single simple HTTP request to Kerio
> Winroute Firewall Web administration interface (TCP/4080)
>=20
> GET / HTTP/1.0
> Authorization: Basic XXX
> =20
> instead of correct one:
>=20
> GET / HTTP/1.0
> Host: server
> Authorization: Basic XXX
>=20
>=20
> causes 100% CPU utilization of attacked computer.
Hmm. Correct me if I'm wrong, but IMHO version 1.0 of the HTTP protocol
does *not* require a Host header in the request. The Host header is a
requirement in HTTP/1.1 for virtual hosting, isn't it? Thus, an
HTTP/1.0 request without a Host header is perfectly valid, and expected.
This would mean that this application breaks not only on invalid
requests, but also on legitimate ones.
G'luck,
Peter
--=20
Peter Pentchev roam@ringlet.net roam@sbnd.net roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
I am jealous of the first word in this sentence.
--6c2NcOVqGQ03X4Wi
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)
iD8DBQE+iUSm7Ri2jRYZRVMRArQ3AJwMnORIIpnY2RlM7TBbt6VyrHCnCwCfYjmo
o+YzkxQTY5GCohip+8MSbyA=
=wnY5
-----END PGP SIGNATURE-----
--6c2NcOVqGQ03X4Wi--
