lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <000a01c2a165$8a596b40$0402a8c0@teliahomebase>
From: kruse at krusesecurity.dk (Peter Kruse)
Subject: Denial of Service vulnerability in VisNetic Website

Name:              VisNetic WebSite Denial of Service
Date:              12th of December 2002
Software affected: VisNetic WebSite 3.5.13.1
                   (prior versions are vulnerable)
Advisory:          http://www.krusesecurity.dk/advisories/vis0102.txt
Risk:              Medium

Legal Notice:

This Advisory is copyright by Peter Kruse. 
You may distribute this unmodified.

Disclaimer:

The opinions expressed in this advisory are my own and not that of any
company. 
The usual standard disclaimer applies, especially the fact that Peter
Kruse 
or Kruse Security is not liable for any damages caused by direct or
indirect 
use of the information or functionality provided by this advisory or
program.

Vendor Description:

VisNetic Website, the first web server developed specifically for
Windows, 
can use almost any development platform, and includes features that
allow web 
developers to create powerful, flexible web sites. VisNetic WebSite is a
secure 
Windows-based web server that supports multiple domains, and allows
TLS/SSL 
secured domains. This web server also includes support for a user
database that 
can restrict access to content, and is immune to many of the security
issues 
that may arise with other popular web servers.

Problem:

During a trial installation of the Visnetic website package I discovered
a bug 
in the software that would crash the server on handling special
longsized URLs. 
The server is subject to a Denial of Service attack. The weakness could
allow 
a malicous attacker to send an oversized packet to the server which will
effect 
a Denial of Service to the application.

Description:

The flaw can be exploited with the /OPTIONS. 
With a "OPTIONS /AAAAAAA.HTML" approx. 5001 A's you can send data to the
webserver 
and crash the application. The server will crash with an instruction
(write) fault 
at 0x00417d54 pointing to 0x41414141 in the httpd32.exe application.
This weakness 
has been verified by testing against the latest website software from
Deerfield 
(v3.5.13.1).

It should be noted that an attack will still be caught in the log file
for 
inspection by a company attacked by this long URL.

Solution: 

Update your VisNetic Website to version 3.5.15.

Credit:

I would like to thank Deerfield for quick and very professional handling
of the 
reported issue. An update has been released and can be downloaded from
Deerfield's 
web site at:

http://www.deerfield.com/download/visnetic_website/

The update can also be downloaded from the Visnetic WebSite
administration console, 
support tab, check for updates (at the bottom of the tab). 

Kind regards

Peter Kruse
Kruse Security
http://www.krusesecurity.dk

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ