[ Advisory for Xitami 2.4d7, 2.5d4 ]
[ Xitami is made by Imatix. ]
[ Site: http://xitami.com ]
[ by nemesystm of the DHC ]
[ (http://dhcorp.cjb.net - neme-dhcat_private) ]
[ ADV-0105 ]

/-|=[explanation]=|-\
Xitami is a webserver. It has a denial of service vulnerability.

/-|=[who is vulnerable]=|-\
Anyone running Xitami 2.5d4, 2.4d7 and presumably earlier on a Windows 98/Millennium operating system.

/-|=[testing it]=|-\
To test this vulnerability, send a request like this one:

    www.server.com/aux

Some computers crash after this request. Others seem to continue working, but attempts to browse the website or log in to the FTP server fail. Sometimes a refresh of the main page even works, but no other links work. Trying to close the server by hitting the terminate button fails as well, meaning you'll have to Ctrl+Alt+Del it.

/-|=[notes]=|-\
Because some computers do not crash completely or give any error messages, this is dangerous: things seem to be normal at first glance.

/-|=[fix]=|-\
Not known at the moment. The vendor was contacted and said they would look into it. Over a week has gone by and nothing.
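Since no fix is available, an operator can at least find or reject requests like the one above before they reach the server. The following is an added example, not part of the advisory or of Xitami: it flags URL paths whose segment resolves to a reserved DOS device name. Assumptions: the access log is in Common Log Format, the function names are hypothetical, and the name set is widened beyond the "aux" case the advisory reports.

```python
import re
from urllib.parse import unquote

# Reserved DOS device names on Windows. The advisory reports only "aux";
# the rest of the set is included as a precaution (assumption).
RESERVED = {"AUX", "CON", "PRN", "NUL"} | {
    f"{p}{n}" for p in ("COM", "LPT") for n in range(1, 10)
}

def reserved_segment(path):
    """Return the first path segment that names a device, else None."""
    path = path.split("?", 1)[0].split("#", 1)[0]
    # Decode percent-encoding twice so %61ux and %2561ux are both caught.
    for _ in range(2):
        path = unquote(path)
    for seg in re.split(r"[/\\]", path):
        # Drop trailing dots/spaces, then keep the part before the first
        # dot or colon: "aux.html", "AUX:" and "aux " all reduce to AUX.
        base = re.split(r"[.:]", seg.rstrip(" ."), maxsplit=1)[0].strip().upper()
        if base in RESERVED:
            return seg
    return None

def flag_requests(log_lines):
    """Yield (client, path) for log lines whose path hits a device name."""
    pat = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (\S+)')
    for line in log_lines:
        m = pat.match(line)
        if m and reserved_segment(m.group(2)):
            yield m.group(1), m.group(2)

# Constructed sample log lines (not taken from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Apr/2001:09:00:01 -0700] "GET /index.htm HTTP/1.0" 200 512',
    '192.0.2.44 - - [17/Apr/2001:09:00:07 -0700] "GET /aux HTTP/1.0" 200 0',
    '192.0.2.44 - - [17/Apr/2001:09:00:09 -0700] "GET /docs/%41UX.html HTTP/1.0" 200 0',
    '192.0.2.10 - - [17/Apr/2001:09:00:12 -0700] "GET /auxiliary/a.htm HTTP/1.0" 200 90',
]

if __name__ == "__main__":
    for client, path in flag_requests(SAMPLE_LOG):
        print(f"device-name request from {client}: {path}")
```

The same reserved_segment() check can sit in a filtering proxy in front of the server to refuse such paths instead of only reporting them.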
This archive was generated by hypermail 2b30 : Tue Apr 17 2001 - 09:57:16 PDT