lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040526131851.AD62D241FD@chernobyl.investici.org>
From: fdonato at autistici.org (Donato Ferrante)
Subject: DoS in MiniShare 1.3.2

                           Donato Ferrante


Application:  MiniShare
              http://minishare.sourceforge.net/

Version:      1.3.2

Bug:          Denial Of Service

Date:         26-May-2004

Author:       Donato Ferrante
              e-mail: fdonato@...istici.org
              web:    www.autistici.org/fdonato


xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

1. Description
2. The bug
3. The code
4. The fix



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

----------------
1. Description:
----------------

Vendor's description:

"MiniShare is meant to serve anyone who has the need to share files
to anyone, doesn't have a place to store the files on the web,
and does not want or simply does not have the skill and possibility
to set up and maintain a complete HTTP-server software such as Apache.
The application is meant to be as easy to use as any common software
most users use daily. However, this doesn't mean experienced users
can't find it useful."



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
2. The bug:
------------

The program is unable to manage some user's requests.
In fact it waits at the end of each request at least two newlines.
So if you send to the webserver a GET or an HEAD request with no or
at most one newline, the webserver will crash.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
3. The code:
-------------

To test the vulnerability send to the webserver a request like:

GET: 

1. GET /something HTTP/1.1
-
2. GET /something HTTP/1.1\n
-


HEAD:

1. HEAD /something HTTP/1.1
-
2. HEAD /something HTTP/1.1\n
-


and the webserver will crash.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
4. The fix:
------------

Vendor was contacted.
Bug will be fixed in the next version.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ