lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <1172.209.158.167.98.1063052940.squirrel@web.axisamerica.com>
From: badpack3t at security-protocols.com (badpack3t)
Subject: MyServer 0.4.3 Denial Of Service

SP Research Labs Advisory x06
---------------------------------
www.security-protocols.com

MyServer 0.4.3 Denial of Service
---------------------------------

Download it here:
http://myserverweb.sourceforge.net

Date Released - 09/08/2003

------------------------------------
Product Description from the vendor:
MyServer is a free and easy to configure web server.  MyServer is licensed
under the GNU General Public License (GPL). See the license page for
additional info.  MyServer is in continuous development and new features
will be present in future releases. Go here to see the latest news from
the MyServer project.  It is available for windows and linux platforms. 
MyServer's principal goal is to create a free and simple powerful server
to allow everyone to transform his home PC in a server and be you own
webmaster with few clicks and share information easily with all the world!
 It is a multithread application that support multiprocessor machines, in
this way can be appreciated for professional uses too.

---------------------------
Vulnerability Description:

A denial of service (could possibly be exploitable) vulnerability exists
within MyServer 0.4.3.

2.2.10.0. Please see the exploit code for the malicious payload as it is
to large to post within the email. Once the malicious payload has been
sent, the web server will crash giving a runtime error.  If you have found
out that this is indeed exploitable, please send me an email if you don't
mind.

Advisory Link:

http://www.security-protocols.com/article.php?sid=1596&mode=thread&order=0

Tested on:

Windows XP Pro SP1
Windows 2000 SP3

----------------------------
Download the exploit here:

http://fux0r.phathookups.com/coding/c++/sp-myserver.c

peace out,

----------------------------
badpack3t
founder
www.security-protocols.com
----------------------------




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ