Re: Remote DoS in AnlaogX SimpleServer:www 1.16

From: by way of bugtest (bugtest_at_sitoverde.comat_private)
Date: Tue Jul 02 2002 - 12:46:04 PDT

Next message: Jamie McCarthy: "Re: XSS in Slashcode"

Previous message: Tim Gladding: "BIND 9.2.1 patch, multiple RR's for singleton types."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi, this mail is about the advisory posted by Fort and Foundstone for the
buffer-overflow in AnalogX SimpleServer v1.16.
If you send the chars for crash the server, it will continue to run and serve
other computers until the admin don't close the Windows'popup error message
(tested on Win9x).
So I have attached a simple proof-of-concept that not only crash the server,
but it rewrite the EIP with the address of WSACleanup() function, so ALL the
connections will be closed and nobody can use the server until it is not
closed and restarted.

BYEZ

application/x-gzip attachment: Simple exploit code

Next message: Jamie McCarthy: "Re: XSS in Slashcode"
Previous message: Tim Gladding: "BIND 9.2.1 patch, multiple RR's for singleton types."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jul 02 2002 - 12:28:41 PDT