Title: AdvServer DoS Date: 21.06.02 Author: elab (http://elaboration.8bit.co.uk) Software: AdvServer Platform: Win32 Tested: Version 1.030000 Vendor: WWW: http://gamecheats.ws Contacted on: 30 May 02 Via: tassadarat_private && website Response: Within 2 days WARNING: This advisory has NOTHING to do with the Microsoft webserver of a similar name. Summary: From vendor's website (http://gamecheats.ws): "AdvServer is all you need for your web hosting needs, if you want a fast ,reliable ,and robust http web server then AdvServer is perfect for you. AdvServer Multithreading system allows you to handle insane amounts of web traffic. Smart PreCache system that loads frequently used files in to memory ,allowing for lightning fast server responces. Custom Api system so you are able to create library modules that increase the functionality of your website. AdvServer fully supports CGI applications such as Perl or PHP. Best of all AdvServer setup screen makes customization a breeze. Download AdvServer Today its free!" A DoS condition exists in AdvServer which can render the server unresponsive to further connections. Details: Connecting to AdvServer and sending a single CRLF sequence causes a page fault in advserver.exe. At this point the server still accepts new connections. If this action is repeated around another 100 times the server stops accepting new connections. The version tested and found to be vulnerable was 1.030000. The platform tested on was Microsoft Windows 98SE. History: Searches at securityfocus archives revealed no previous postings about this product yet a google search shows multiple download locations. Vendor: Vendor was contacted on 30 May 02 via email and website. Initial response was: "your the first person with this problem that has contacted me, but im currently working on another project sorry". On 08.06.02 vendor was sent a copy of this advisory, packet dumps of the DoS as well as PoC code and two weeks to respond with a reasonable schedule for a fix before this information would be made public. After further emails vendor stated: "the parsing module is being rebuilt, by june 17, 2002 version 1.04 will have the new module fix" As of release date no fixed version is available from vendor's website and vendor has become unresponsive to further attempts at communication. Also CC'ed a copy of this advisory. Workaround: Use a non-development stage web server for your hosting. Notes: In tests it took exactly 96 sockets and CRLF writes to crash the server (46 if you do it through localhost). The sockets did not need to be kept open and were sequential as opposed to parallel. It seems that various non HTTP conformant data can crash the server - a single CRLF per connection just seemed easiest. This advisory is also available from: http://elaboration.8bit.co.uk/projects/texts/advisories/AdvServer.DoS.txt _____________________________________________ Free email with personality! Over 200 domains! http://www.MyOwnEmail.com
This archive was generated by hypermail 2b30 : Fri Jun 21 2002 - 13:05:18 PDT