-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ATPhttpd 0.4 DoS Vulnerability

Type: DoS, crashes daemon

Release Date: December 13, 2001

Product / Vendor: ATPhttpd, the tiny, caching, high performance webserver. ATPhttpd is ideal for serving lots of static content, especially where disk I/O is expensive, such as NFS mounted web shares, or graphics servers.
http://www.redshift.com/~yramin/atp/atphttpd/

Summary: The server crashes after a very long URL is sent to it a few times.
http://host/AAAAAAAAA...(Ax3000)...AAA

Log: The core file is available at
http://www.securityoffice.net/downloads/atphttpd.core

Exploit: atphttpd.pl by Tamer Sahin
http://www.securityoffice.net/downloads/atphttpd.txt

Tested: OpenBSD 2.9 / ATPhttpd 0.4 Alpha release

Vulnerable: ATPhttpd 0.4 Alpha release (and possibly others)

Disclaimer: http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory.

Author: Tamer Sahin
tsat_private
http://www.securityoffice.net

Tamer Sahin
http://www.securityoffice.net

PGP Key ID: 0x2B5EDCB0
Fingerprint: B96A 5DFC E0D9 D615 8D28 7A1B BB8B A453 2B5E DCB0

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPBj9fbuLpFMrXtywEQIuKACcDh+NkQCVj+iTV048l9ybQiWN90cAn1zw
1chZ5YPNBB46zdB7c1cSHUp3
=K1EP
-----END PGP SIGNATURE-----
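The advisory does not state the root cause, so the following is an added example of the general server-side defence, not ATPhttpd's code and not part of the advisory: a request-line parser that checks the URI length before copying it and answers an oversized request with 414 instead of processing it. The function names, the 2048-byte cap and the sample requests are assumptions made for the illustration.

```c
#include <stddef.h>
#include <string.h>

#define MAX_URI_LEN 2048   /* assumed cap; not a value taken from ATPhttpd */

/* Parse "METHOD SP URI [SP VERSION]" from the first line of buf[0..len).
 * Returns 200 and copies the URI into uri_out, 400 if the line is malformed,
 * 414 (URI Too Long) if the URI exceeds MAX_URI_LEN or the caller's buffer. */
int parse_request_line(const char *buf, size_t len, char *uri_out, size_t uri_cap)
{
    const char *nl = memchr(buf, '\n', len);
    size_t line_len = nl ? (size_t)(nl - buf) : len;
    if (line_len > 0 && buf[line_len - 1] == '\r')
        line_len--;                                  /* drop the CR of CRLF */

    const char *sp1 = memchr(buf, ' ', line_len);
    if (sp1 == NULL)
        return 400;                                  /* no method/URI separator */

    const char *uri = sp1 + 1;
    size_t rest = line_len - (size_t)(uri - buf);
    const char *sp2 = memchr(uri, ' ', rest);
    size_t uri_len = sp2 ? (size_t)(sp2 - uri) : rest;

    if (uri_len == 0 || uri[0] != '/')
        return 400;
    /* The length is checked before any copy, so an oversized URI is refused
     * and never written into a fixed-size buffer. */
    if (uri_len > MAX_URI_LEN || uri_len >= uri_cap)
        return 414;

    memcpy(uri_out, uri, uri_len);
    uri_out[uri_len] = '\0';
    return 200;
}

/* Constructed input: "GET /" followed by n 'A' bytes, shaped like the
 * advisory's long-URL request. Returns the status the parser assigns. */
int status_for_path_of(size_t n)
{
    static char req[8192];
    char uri[MAX_URI_LEN + 1];
    size_t off = 0;

    if (n > sizeof req - 32)
        return -1;                                   /* helper's own limit */
    memcpy(req + off, "GET /", 5);          off += 5;
    memset(req + off, 'A', n);              off += n;
    memcpy(req + off, " HTTP/1.0\r\n", 11); off += 11;
    return parse_request_line(req, off, uri, sizeof uri);
}
```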