Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Servers :: sserve1.htm

SlimServe HTTPd 1.0 - send a lot of A's to crash the server



Vulnerability

    SlimServe

Affected

    SlimServe HTTPd 1.0

Description

    Joe  Testa  found  following.   A  DOS  vulnerability exists which
    allows a remote attacker to crash the server.

    If an extraoridinarily long string  of 'A's is sent to  the server
    in a GET request, the server crashes with the following dump:

        SLIMHTTP caused an invalid page fault in
        module SLIMHTTP.EXE at 017f:004021db.
        Registers:
        EAX=ffffffff CS=017f EIP=004021db EFLGS=00010286
        EBX=00412794 SS=0187 ESP=00eafa1c EBP=000400a4
        ECX=8173ac0c DS=0187 ESI=00eb0000 FS=228f
        EDX=8173ac14 ES=0187 EDI=00000068 GS=0000
        Bytes at CS:EIP:
        8a 06 3c 0d 75 05 c6 06 00 eb 04 3c 0a 74 1a 66
        Stack dump:
        00eafe99 00eafd5d 00000000 0000000f
        00000000 00000001 00000068 00000000
        00000000 00000000 00000000 00000000
        00000000 00000000 00000000 00000000

Solution

    No quick fix is possible.  WhitSoft Development was contacted  and
    this was  the response  received by  Matt Whitlock:  "I appreciate
    your taking  the time  to alert  me to  the presence  of this bug.
    However, I can't  do anything to  fix it right  now, as I  have no
    time for programming."


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH