Date: Wed, 20 Oct 2004 14:36:33 +0000
From: R00tCr4ck <root@...erspy.org>
To: bugtraq@...urityfocus.com, vuln@...unia.com, bugs@...uritytracker.com,
   vulnwatch@...nwatch.org
Subject: MS-DOS Device Name Denial Of Service Vulnerability in Abyss Web
	Server X1 for Windows


#####################################
# CHT Security Research Center-2004 #
# http://www.CyberSpy.Org           #
# Turkey                            #
#####################################

Software:
Abyss Web Server X1 for Windows

Web Site:
http://www.aprelium.com/

Affected Version(s):
X1

Description:
Abyss Web Server X1 is a free personal web server available for Windows, MacOS
X, Linux, and FreeBSD operating systems.


Official Description from the web site:
"Abyss Web Server is based on the APX architecture.
APX, which stands for Anti-crash Protection eXtension, was created, here at
Aprelium, to make the server crash-proof.
If it happens that the software causes a critical error and crashes (which is by
the way very improbable),
a report will be generated if possible and the server is automatically
restarted.
The downtime in such a case won't last more than 1 second!
Anti-crash protection system guarantees 100% uptime!"

There is an MS-DOS Device Name Denial Of Service Vulnerability in Abyss Web Server
X1 for Windows:

It is possible to remotely crash a system running Abyss Web Server X1 by
submitting URL requests for an MS-DOS device name
such as con, prn, aux in the cgi-bin folder (the cgi-bin directory comes with the
default installation). A restart of the server service is required in order to gain
normal functionality.

Example:

http://[victim]/cgi-bin/prn

----
Reported by R00tCr4ck on October 20, 2004
root(at)CyberSpy.Org
Original Article can be found at:
http://www.CyberSpy.Org
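
A check for the request pattern described in the post above, as an added example that is not part of the original message or of Aprelium's code: it flags URL path segments that Windows resolves to a DOS device and scans access-log lines for them. It goes beyond the three names in the post by covering the rest of the classic reserved set (nul, com1-com9, lpt1-lpt9) and the extension, colon and trailing-space forms; the function names, log format and sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Reserved DOS device names on Windows. The post names con, prn and aux; the
# rest of the classic reserved set is added here (assumption of this example).
RESERVED = re.compile(r"(con|prn|aux|nul|com[1-9]|lpt[1-9])", re.IGNORECASE)
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')


def reserved_device_segment(url_path):
    """Return the first path segment Windows would treat as a device, or None."""
    # Drop query string and fragment, then decode once as a server would.
    path = unquote(url_path.split("?", 1)[0].split("#", 1)[0])
    for segment in re.split(r"[/\\]", path):
        # "prn.txt", "con:" and "aux " still resolve to the device, so compare
        # only the part before the first dot or colon, minus trailing spaces.
        base = re.split(r"[.:]", segment, maxsplit=1)[0].rstrip(" ")
        if RESERVED.fullmatch(base):
            return segment
    return None


def flag_requests(log_lines):
    """Return (line_number, segment) for each logged request hitting a device name."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        segment = reserved_device_segment(match.group(1)) if match else None
        if segment is not None:
            hits.append((number, segment))
    return hits


# Constructed sample access-log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Oct/2004:14:40:01 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.11 - - [20/Oct/2004:14:40:07 +0000] "GET /cgi-bin/prn HTTP/1.0" 500 0',
    '192.0.2.11 - - [20/Oct/2004:14:40:09 +0000] "GET /cgi-bin/AUX.cgi?x=1 HTTP/1.0" 500 0',
    '192.0.2.12 - - [20/Oct/2004:14:41:30 +0000] "GET /cgi-bin/console.cgi HTTP/1.0" 200 90',
    '192.0.2.13 - - [20/Oct/2004:14:42:02 +0000] "GET /docs/com10.txt HTTP/1.0" 200 77',
]

if __name__ == "__main__":
    for number, segment in flag_requests(SAMPLE_LOG):
        print(f"line {number}: reserved device name in segment {segment!r}")
```

The same `reserved_device_segment` test can sit in a reverse proxy or request filter in front of an affected server to reject such paths before they reach it.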


