Bugtraq mailing list archives
NSCA HTTPD (for Windows) bug.
From: renosm () YAHOO COM (Renos)
Date: Fri, 8 May 1998 01:33:26 -0700
Well, it seems that I found a bug in NCSA's httpd v1.4 (for Windows). The bug can cause the server to crash. The problem seems to be that the server has MAX_STRING_LEN defined to 256 characters. So, when a client's request is larger than 256 characters the server crashes.

I tested it on a PC running Windows 3.11, which I believe is more stable than Win95, with the W32s driver. I TELNETed into the server on port 80 (using 127.0.0.1 as the IP address). Then, using the 'GET' command, I inserted more than 256 characters. The server crashed, showing a message asking the user to terminate the program. I haven't tried it yet on another PC, but the problem is MAX_STRING_LEN, so it doesn't make any difference.

The server crashes showing no messages on the client's screen. In the Access Log files the client's request looks like a normal request, and I didn't find anything in the Error Log file. I even tested with a Web Browser calling a file with more than 256 characters and I had the same results.

Since the server is not for commercial use, the bug doesn't seem to be serious. A fix would be to re-define MAX_STRING_LEN to a much bigger number. As far as I know, the Server Administrator cannot re-define MAX_STRING_LEN.

Greetings
Renos
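The following is an added example, not code from NCSA httpd or from the original post. It shows a request-line reader that keeps the 256-byte MAX_STRING_LEN buffer named in the post but checks the length before every write and rejects an over-long line. The function names, the status values and the sample requests are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_STRING_LEN 256   /* buffer size named in the post */

/* Hypothetical status codes: 414 and 400 mirror HTTP status numbers. */
enum { REQ_OK = 0, REQ_INCOMPLETE = 400, REQ_TOO_LONG = 414 };

/* Copy one request line (up to CR or LF) from `in` into `out`.
 * Writes at most out_cap bytes and always NUL-terminates `out`. */
int copy_request_line(const char *in, size_t in_len, char *out, size_t out_cap)
{
    size_t i;
    if (out_cap == 0) return REQ_TOO_LONG;
    for (i = 0; i < in_len; i++) {
        if (in[i] == '\r' || in[i] == '\n') {
            out[i] = '\0';            /* i < out_cap is guaranteed below */
            return REQ_OK;
        }
        if (i + 1 >= out_cap) {       /* no room for this byte plus NUL */
            out[0] = '\0';
            return REQ_TOO_LONG;      /* reject instead of overflowing */
        }
        out[i] = in[i];
    }
    out[0] = '\0';
    return REQ_INCOMPLETE;            /* no line terminator seen */
}

/* Build a constructed request "GET /aaa... HTTP/1.0\r\n" and parse it. */
int status_for_path_len(size_t path_len)
{
    char req[1024], line[MAX_STRING_LEN];
    size_t n = 0;
    if (path_len > sizeof req - 32) return -1;
    memcpy(req + n, "GET /", 5);            n += 5;
    memset(req + n, 'a', path_len);         n += path_len;
    memcpy(req + n, " HTTP/1.0\r\n", 11);   n += 11;
    return copy_request_line(req, n, line, sizeof line);
}

int main(void)
{
    printf("short request:     %d\n", status_for_path_len(10));
    printf("255-char line:     %d\n", status_for_path_len(241));
    printf("256-char line:     %d\n", status_for_path_len(242));
    printf("600-char filename: %d\n", status_for_path_len(600));
    return 0;
}
```

With this check in place the buffer size only decides which requests are refused, not whether the process survives one that is too long.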