Bugtraq mailing list archives
Lame DoS in WEBactive win65/NT server
From: prizm () RESENTMENT ORG (Prizm)
Date: Thu, 13 Jul 2000 01:27:38 -800
I was looking for a small server to download recently to show one of my friends something I had made and later I messed about with this little program a bit and noticed some DoS bug. I have enclosed a .txt file on the problem in it. Not a big deal, very un-used product.

-Prizm

Application: ITAfrica's WebACTIVE version 1.00
Problem Type: Denial of Service
Author: Prizm<Prizm () RESENTMENT org>
Platform(s): Windows 95/98/NT
Vendor Status: Not Informed, Project discontinued (I think)
Download URL: ftp://ftp.mira.net/mirrors/winsock-l/Windows95/Daemons/HTTPD/activ100.zip

Product Description
-------------------
WEBactive HTTP Server 1.00 is an HTTP/1.00-compliant World Wide Web server daemon for Windows 95 or Windows NT, specifically designed for the SOHO (Small Office/Home) environment. It will operate on any TCP/IP connection to the Internet, whether via temporary dial-up or permanent leased-line connectivity.

Problem
-------
The problem is with bounds checking, when you request 280 characters Webactiv.exe just shuts down.

Quick Example:
http://somedomain/0000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000

*Also* by simply requesting /active.log, you can view the webserver log, because active.log is the default logfile name and the default directory is where that file is stored.

Vendor Status
-------------
Heh, this server was discontinued as far as I see... it is rather dated and doesn't support much. Seeing as it was last revised in 1996, I think contacting the vendor would be rather meaningless... Also the fact that it is HTTP/1.00-compliant kind of hints it is no longer being updated.

Greetings
---------
Lamagra, Scrippie, eth0, Cruciphux/HWA and many others...
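The two issues reported above, a request target copied without a length check and the default log file being reachable as /active.log, can both be rejected while the request line is parsed. The following is an added example, not part of the original post and not WEBactive code; MAX_TARGET, check_request_line and status_for_zeros are hypothetical names, and the 255-byte limit is an assumption because the advisory does not give the server's buffer size.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define MAX_TARGET 255           /* assumed limit; the real buffer size is not on the page */
#define LOG_NAME   "active.log"  /* default log file name given in the advisory */

/* Case-insensitive equality, since Windows file names ignore case. */
static int same_name(const char *a, const char *b)
{
    while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b)) {
        a++; b++;
    }
    return *a == '\0' && *b == '\0';
}

/* Returns 200 (serve), 400 (malformed), 403 (denied), 414 (too long); out needs MAX_TARGET + 1 bytes. */
int check_request_line(const char *line, char *out)
{
    size_t len;
    if (strncmp(line, "GET /", 5) != 0)
        return 400;
    line += 4;                            /* now points at the leading '/' */
    len = strcspn(line, " ?\r\n");        /* raw path ends at space, query or EOL */
    if (len > MAX_TARGET)                 /* measure first, copy second */
        return 414;
    memcpy(out, line, len);
    out[len] = '\0';
    if (same_name(strrchr(out, '/') + 1, LOG_NAME))
        return 403;                       /* never hand out the server log */
    return 200;
}

/* Constructed input: "GET /" followed by n '0' characters, as in the advisory. */
int status_for_zeros(size_t n)
{
    char req[1024], out[MAX_TARGET + 1];
    if (n > 900) n = 900;                 /* keep the constructed request inside req */
    memcpy(req, "GET /", 5);
    memset(req + 5, '0', n);
    strcpy(req + 5 + n, " HTTP/1.0\r\n");
    return check_request_line(req, out);
}

int main(void)
{
    char out[MAX_TARGET + 1];
    printf("%d %d\n", status_for_zeros(280), check_request_line("GET /Active.LOG HTTP/1.0\r\n", out));
    return 0;
}
```

The name check works on the raw path only, so a server that percent-decodes targets has to repeat it after decoding; writing the log outside the document root removes the exposure without any filter.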